Friday, April 27, 2012
BOB GARFIELD: This is On the Media. I’m Bob Garfield.
BROOKE GLADSTONE: And I’m Brooke Gladstone. Journalists confront any number of obstacles in conflict zones — threats to their own safety, the inability to report freely, a firewall of propaganda. And now, with reporters’ increased reliance on new technology comes a new hazard, mortal danger to themselves and their sources due to weak or nonexistent digital security measures. Journalist Matthieu Aikins wrote about the problem for the May issue of The Columbia Journalism Review and he included some chilling case studies, including the story of British filmmaker Shaun McCallister, and a Syrian dissident source, who went by the online name of Kardokh.
MATTHIEU AIKINS: Kardokh was very eager to get the word about the dissidents in Syria, so he was willing to work with Sea, but he became very worried because of surveillance by the Syrian government, and he wasn’t sure that Shaun was following the kind of safety precautions that he and his fellow activists felt were necessary in these situations. He said that Shaun was using unencrypted emails and calling him on the phone and sending mobile texts and generally just not behaving in a way that someone who may be the subject of intense electronic surveillance needs to behave.
BROOKE GLADSTONE: And, sure enough, Shaun was arrested, and Kardokh fled the country immediately.
MATTHIEU AIKINS: He didn’t hesitate. He just packed his bag, turned off his phone and fled, and eventually ended up across the border in Lebanon, where he’s living underground now. A number of other sources either fled or were arrested. So they were obviously compromised because the Syrians were able to get the information on Shaun’s computer and phone because they weren’t properly encrypted.
Reporters are sort of a one-stop shop for information for spies, right? We’re doing all the hard work, contacting dissidents, investigating stories, and they can access all that just by getting into our computers or email addresses, where we’re storing most of this information these days.
BROOKE GLADSTONE: How much are these countries able to do in penetrating a reporter’s work?
MATTHIEU AIKINS: Western companies and, and Chinese companies and other companies have been selling this kind of repressive technology to all these different governments — Nokia or Amasis, which is a French company. There’s Blue Coat. There’s really no restrictions on this sort of thing right now, so it’s been a free for all. It’s a very powerful surveillance technology and it’ll allow you to monitor all the email and phone conversations that are taking place within a country. It’s really incredible, how easy it’s gotten for governments to be able to do this stuff.
And of course, the U.S. government can do that too but there are legal protections, and those technologies, when they’re used in a place like Bahrain or Syria, are used to target anyone indiscriminately.
BROOKE GLADSTONE: You also discovered some pretty chilling information about the extent to which reporters were exposed in Libya. You describe a guy named Marwan Arebi who was in charge of information technology at Libya’s Ministry of Foreign Affairs.
MATTHIEU AIKINS: Marwan told me about how, among many other news organizations, that I accessed a CNN journalist’s email account and actually downloaded a source list with phone numbers and names of people who were secretly in contact with CNN inside Tripoli during the war; Arebi was secretly in contact with the Libyan opposition, and so he tried to warn some of the people on this list.
BROOKE GLADSTONE: Describe the Trojan Horse virus.
MATTHIEU AIKINS: Well, the Trojan Horse virus gets accepted onto your computer in the guise of something else, if someone sends you a video: “Hey, look at this video of human rights abuses by Gaddafi forces.” And when you click on it, it actually installs a file on your computer that allows people to access and, and do whatever they want to you, basically. And once you control someone else’s email account, then it becomes much easier to hack into their friends ‘cause you can pretend to be that person and they’ll be more likely to trust a file that you send them.
BROOKE GLADSTONE: And yet, Arebi told you that it isn’t that this stuff is so complicated.
MATTHIEU AIKINS: I mean, this is stuff that a 14-year-old kid can do. I mean, there’s a lot that you can do to protect yourself. Encrypt your drive, which basically means that all the data is in a code that only someone who has a password can read.
BROOKE GLADSTONE: And you don’t use passwords like 12345?
MATTHIEU AIKINS: Which is what half of the Syrian government officials who were hacked were apparently using.
Using long and complex passwords, being careful about what you click on and download, these are all important basic steps that people can take to secure themselves.
BROOKE GLADSTONE: Every reporter understands the need to protect their sources. That’s not something you have to drive home.
MATTHIEU AIKINS: Well, I think it’s kind of a generational thing. Technology has crept up so fast that now you're asking a lot of experienced, established reporters to stop their workflow and to learn a whole new language. Right now there’s really not much in the way of comprehensive programs to teach people digital security anywhere, whether it’s at news organization or at journalism schools.
BROOKE GLADSTONE: It seems like a problem so fundamental they should have begun to address it before now.
MATTHIEU AIKINS: Probably in ten years we’ll look back and think wow, it was crazy; we were walking around with our whole digital lives hangin’ out there exposed, and we didn’t take basic precautions. And the sooner people wake up, the better because I’ll tell you, hackers and spies have already woken up to it, and right now it’s a feeding frenzy for them, and it’s all out there and they are loving it.
BROOKE GLADSTONE: Matthieu, thank you very much.
MATTHIEU AIKINS: My pleasure.
BROOKE GLADSTONE: Matthieu Aikins is a freelance journalist. His piece, The Spy Who Came in from The Code, can be seen in the May issue of The Columbia Journalism Review.