What it's like to be a reporter under cyberattack

Propublica's Julia Angwin (previoulsy) is one of the most fearless, effective investigative journalists reporting on technology; last August, she was subjected to brutal, crude, devastating cyberattacks after the publication of an article she worked on that outed tech companies, ad brokers and payment processors for helping extremists "monetize hate," acting as paymasters for neo-Nazis, the alt-right, and genocidal racists.

Angwin and her colleagues were subjected to "subscription bombs," when attackers use bots to sign up their targets for millions of mailing lists (for example, a list to get notified whenever someone replies to a given post on a WordPress blog). The targets are then flooded with millions of subscription confirmation emails, which clog their inboxes and swamp their mailservers. These attacks are particularly effective when directed at organizations like Propublica, whose independent newsgathering demands that their maintain their own email servers, rather than entrusting their internal communications to better-defended companies like Google.

A few of the big mailing-list providers are voluntarily including an experimental header in their subscription confirmation messages, allowing targets of subscription bombs to automatically filter them, but this is a relatively recent and as-yet narrowly adopted countermeasure.

The email bombs were just part of the attacks on Propublica, who also faced automated and human-fronted Twitter harassment, death and rape threats, doxing, and similar attacks. They worried they might get "swatted" (when an attacker tricks the local police into thinking that there's a hostage situation in their target's home, resulting in the dispatch of a SWAT team, which can have lethal consequences).

Angwin reports that the Propublica email has returned to normal, but her piece is a wake-up call about an asymmetry on the internet that can be exploited to attack many other people doing good work, including those with even less resources that Propublica.

Jeff wrote a program to automatically email the owners of nearly 500 of the WordPress websites that had been hijacked to send us email. These emails had been sent automatically to confirm that we'd signed up for an account, usually for the purpose of being able to post a comment on a blog. "I'm a reporter with ProPublica, a nonprofit news organization," Jeff wrote. "Earlier this week, we started receiving thousands [of] emails in our inboxes. After investigating them, we found that someone was signing us up for new accounts on sites like yours." He asked them to send him any information for the accounts created under our names.

Only a handful of sites responded. One website owner, Raul Silva from Chicago, said he was shocked that his nearly abandoned blog—he only posted once, in 2012—was being used by bots. "Holy crap! There are 2,800 registered users," Silva wrote to Jeff. "Must be bots using the site as a launch board for spamming and scamming."


[Julia Angwin/Wired]