World Association of Newspapers and News Publishers

"If you want peace, prepare for war" – newspapers face the growing threat of cyber attacks

World News Publishing Focus

World News Publishing Focus
Your Guide to the Changing Media Landscape

"If you want peace, prepare for war" – newspapers face the growing threat of cyber attacks

On the evening of Saturday 19 March, Sweden’s major news websites experienced a massive cyber attack, taking the sites fully or partially offline for several hours. The attacks used the distributed denial-of-service (DDoS) method, and affected the sites of Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad.

Although it is not clear from where the attacks originated, online traffic analysis indicates that the majority of the traffic came from a network of computers located in Russia, Aftonbladet reported (link in Finnish).

The implications of the attacks go beyond cyber security as news media were their target, raising questions about the possibility of a malicious actor orchestrating a media blackout. The Swedish interior minister Anders Ygeman called the attacks “a deeply worrying attack on the media and free speech”. “To threaten access to news coverage is a threat to democracy”, said Jeannette Gustafsdotter, the head of the Swedish Media Publishers’ Association.

DDoS attack, which is the most common way of targeting and crashing a website, is a relatively easy form of cyber attack to execute. In simple terms, the attacker harnesses an army of “zombie” computers, infected by malware, and directs them to simultaneously target specific websites. The aim is to overwhelm the receiving servers and thus take the site down. (More detailed explanations of DDoS attacks can be found here and here.)

As DDoS attacks are somewhat simple to execute compared to most other forms of cyber attacks, it’s likely that they will be also used more and more in the future in attempts to silence news media. News publishers would therefore do well to reassess their IT security and make sure they have the necessary protections in place.

Attacks against Schibsted

For Schibsted, the first attack started at about 19:30 on Saturday 19 March, escalating quickly and eventually reaching traffic levels of over 100 Mbps, causing parts of the ISP infrastructure to crash. Although Aftonbladet was the main target, Svenska Dagbladet and other sites of the company were also affected due to shared resources.

It took several hours to mitigate the consequences and reroute traffic to get the sites back online. A second large attack followed on Thursday 24 March, as heavy as the first one, however this time the affected sites only went down for a couple of minutes.

Malin Bäcklund, CIO of Schibsted Sverige AB, says that the company has been continuously strengthening its IT security, specifically its DDoS protection, but the attack was a clear demonstration that the security measures were not sufficient.

“One part of the protection that we had implemented at our internet service provider proved not to work properly during the massive attack,” Bäcklund says. According to her the company has previous experience from DDoS attacks, but this time was at a much larger scale than what they had faced before. She underlines the importance of robust stress test processes. “The attack was a real life test which we have learnt a lot from.”

In the aftermath, the Swedish media companies have been in contact with each other, Bäcklund says, sharing learnings in order to build stronger protections against future threats. Schibsted is also working with the police, but for security reasons Bäcklund can’t comment more about the investigation. (A Twitter user was reported as taking responsibility of the attacks.)

If this is the new reality that news publishers live in, how can they be sure to be prepared? “The best way to prepare for attacks is to secure a continuous work on IT security, and never lean back,” Bäcklund says, noting that it’s usually easier to get financing for smaller, on-going online security investments than for massive systemic rebuilds.

It’s not only a technical issue, however – a new way of thinking is also required: “I would recommend to think as the Romans: ‘Si Vis Pacem, Para Bellum’ – ‘If you want peace, prepare for war’”.

(image source: Think Defence)


Teemu Henriksson's picture

Teemu Henriksson


2016-04-14 17:33

Author information

The news publishing industry is experiencing transformation at an ever-growing pace, with new policy issues arising as the landscape changes.

We will be examining policy discussions that will define the news publishing environment of the future, the key topics being internet governance, privacy and copyright. Click here to learn more about our work.

WAN-IFRA Media Policy team and experts.

© 2020 WAN-IFRA - World Association of News Publishers

Footer Navigation