There are a lot of places where journalists aren’t really welcome and there are plenty of people out there looking to find chinks in any news hound’s armour. Rapid advances in technology have only made it easier to find and exploit those weaknesses.
Even the most tech-savvy journos are at risk. Just ask Wired reporter Mat Honan. Last year Honan’s Google, Twitter, and Apple ID accounts were all broken into, allowing the hackers to remotely erase all the data on his iPhone, iPad, and MacBook. All this happened because Amazon displayed a portion of his credit card number, which Apple used to release information.
Because Honan is a tech journalist, the information gathered by the hackers was used to make his life very difficult. But if he’d been an investigative journalist going after a violent criminal syndicate (with access to the same information), things could have been much worse. A similar hack could, theoretically, have provided access to the contact details of confidential sources putting lives at risk.
In Hanon’s case, the impact of incident could have been lessened by simply using two-factor authentication. There are however other risks faced by journalists but there are also other solutions. Nico Sell, the co-founder of massive hacker gathering DEF CON, has listed 13 top pieces of security advice that every journo should bear in mind as they go about their business this year.
1. Protect your anonymous sources
Do not add important people to your contacts on your phone or computer; find a safe place to keep this information. Sometimes an old school notebook in a safe is still the best way to go. Sell also advocates using anonymous forms of communication because email, texts and cellphones are easily traced.
2. Save your contacts
3. Watch out for metadata
Clear meta data (GPS locations, device ID, original photo) from pictures using photo editing software before you share or publish online. This information can be used against you and your sources.
4. Beware of public Wi-Fi
Crunch-time at the airport? Do not use public Wi-Fi networks unless your messages and passwords are encrypted. It is easy for others to see what you are viewing and sending online.
5. Avoid public USB charging devices
These devices might be handy if your battery’s about to go flat but they can quickly pull all data from smartphones. Rather travel with a charged emergency top up charger at all times.
6. Talk in code
When on deadline, be sure your sources are safe — by encrypting your messages. Do not communicate with sources on an unprotected phone, email, or SMS channel. According to Sell, unencrypted messages are easy to accessible to even inexperienced hackers.
7. Turn off
The volume and sophistication of attacks on journalists’ digital data is increasing at what Sell says is “an alarming rate”. To protect your sources and content, turn off file-sharing and wireless capabilities when not in use and ensure that confidential communications remain secure.
8. Keep your devices close and password protected
Do not let phones, computers or tablets out of sight, even for a moment, especially at the airport security line. It only takes a second for someone to download all the info off your phone or scoop a valuable lead from your inbox.
9. Create a password strategy
Be sure to keep all of your accounts secure and within your control. Create and use a password strategy to ensure that confidential emails containing breaking news are not compromised. A few ideas you can use in your strategy include:
- Using a pattern on the keyword instead of words from the dictionary.
- Rotate this pattern regularly. Change your passwords after each conference.
- Use a unique password for each important account.
- Be careful when selecting password hints or security questions as the answers can often be easily guessed using information you’ve posted to social sites.
- Do not send passwords in clear text.
10. Use different devices
Always use designated devices for different activities. Again, this applies equally to journalists and non-journalists alike. Be sure to keep personal and professional communications separate. If you’re going to be at a conference, for instance, be sure to keep work information to specific devices to limit vulnerability to malware and cookies. Unprotected information can be easily obtained and released online — compromising your story and your sources.
11. Pick your ATM
Be careful withdrawing cash. Avoid using unprotected ATM machines while traveling. Look for bank-sponsored or guarded machines for assurance and accountability.
12. Shield RFIDs
Whenever possible, keep your RFID credit cards, keys and IDs at home or in a special wallet. In some countries, they can be legally scanned from over 200 feet away. If you absolutely have to move around with them, don’t advertise their existence.