Journalists & Cyber Threats

Journalists & Cyber Threats

How can we better ensure the digital security of the press and protect against cyber threats?


The digital security of publishers, journalists and their sources is under threat in many parts of the world. At the governmental level, policymakers must acknowledge the very real threats facing journalists specifically and ensure that digital policy initiatives both protect them and, in doing so, do not threaten free expression, basic privacy rights, or encryption and VPN protections. At the platform level, technology companies can establish and protect human rights and privacy safeguards, but they also must at times navigate challenging state demands (at times via legislation) to provide private data and information on their users, potentially permitting governments’ abuses of power. At the publisher level, proactive efforts around cyber education, safety and support, as well as sharing experiences within the industry, are equally critical. Finally, researchers and civil society need to do their part to collaboratively shed light and provide data on the trends, risks and potential avenues forward.

The physical and digital security of journalists and their sources are under threat in many parts of the world. Digital security and cybersecurity threats, in particular, have become more important than ever for the global news media as journalists and publishers are becoming high-profile targets for malware, spyware and digital surveillance, compromising their and their sources’ personal information and safetyMore broadly, digital security and cybersecurity have gained the attention of policymakers globally, with 156 countries having enacted cybercrime legislation as of 2021.

Cybersecurity threats come in many forms, including increasingly sophisticated domestic and transnational spyware, denial-of-service (DDoS) and malware (malicious software used to gain unauthorized access to IT systems and spread across a network), ransomware (malware where attackers demand a payment or ransom in exchange for restoring access), and phishing attacks. A range of actors can be behind these tactics, including nation-states and politicians, powerful individuals, corporations, criminal networks and extremist organizations. 

Digital security challenges facing the global news media also involve broader threats to data privacy and security which include growing concerns about software vulnerabilities as well as the use of digital platform surveillance. For example, some governments attempt to chip away at encryption protections offered by secure apps like Signal, WhatsApp, ProtonMail or SecureDrop. Additionally, there are digital safety and privacy concerns about legacy social media platforms like X (formerly known as Twitter) — a staple of global journalism practice and sourcing — where data and communications are rapidly becoming far less secure for journalists and civil society organizations in the wake of ownership and infrastructure changes.

Digital and physical threats to journalists are connected. For instance, the use of spyware has been linked to hundreds of acts of physical violence around the world. In particular, human rights organizations and cybersecurity experts have expressed concerns about the use of spyware largely developed by companies in Europe, the Middle East and the U.S. — including NSO Group’s ‘Pegasus’ and QuaDream’s ‘Reign’ — being used in dozens of countries around the world, especially in Latin America. There is also an increasingly important link between governments’ use of spyware and their use of lawfare (i.e., the weaponization of legal systems or institutions) against journalists. Together, these threats have critical detrimental effects on journalists’ mental health (discussed in more detail in CNTI’s upcoming issue primer on journalist safety), leading to calls for a holistic approach to security efforts.

In addition to raising safety and psychosocial concerns, digital security threats also damage trust in the news media. In an attention economy, cyberattacks can eliminate entire business models and push audiences away by slowing or crashing websites. A lack of digital security training in newsrooms — particularly newsrooms outside of large national (and largely Western) publishers with the means to provide such training — can create chilling effects for sources and whistleblowers who increasingly fear being unintentionally exposed by journalists. These patterns are representative of the public’s broader lack of trust in the safety of personal data, including in the hands of news publishers. In cases where sources are less aware of digital security concerns, research finds journalists are often hesitant to request protective measures for fear of scaring off sources. 

These threats are expensive and difficult for newsrooms to address on their own. They are even more difficult for independent journalists or publishers operating in (or in exile from) countries with hostile governments or authoritarian regimes. Thus, collaboration among policymakers, platforms, researchers and domestic and international civil society organizations is critical to ensure digital security of the global press.

Addressing the scope of cybercrime threats through policy — both in general and for journalists and sources specifically — fundamentally depends on the definition and scope of cybercrime.

There is no single, internationally accepted definition of cybercrime or cyberattacks. The definition may include crimes dependent on the use of technology, crimes facilitated by the use of technology or both. Limitations to this definition may be set based on the seriousness of the crime or the type of case (e.g., criminal, civil, administrative or all of the above). Recent efforts to account for this, such as the United Nations’ cybercrime treaty negotiations, reveal the complexity of global consensus on and oversight of cybercrime. Too broad or ambiguous of a definition raises serious risks of abuse, threatening global journalists’ safety, freedom of expression and human rights.

At the same time, “cybercrime” is a moving target as new technologies such as AI give rise to new cyber threats. Policies that do not account for these developments are not able to defend against or punish actions. Because there is so little existing case law, it is unclear how cybercrime laws apply to the multi-billion-dollar spyware industry, which poses threats to press freedom.

Policies related to digital matters sometimes lead to unintended consequences that impact the digital security of both journalists and the general public.

For instance, some policies inadvertently make it easier for spyware to be deployed, compromise end-to-end encryption vital for press freedom, or restrict the use of virtual private networks (VPNs) on which journalists depend to do their work. It’s crucial to recognize and address these potential cyber threats when formulating digital policies to ensure the overall digital security of the independent press and the public at large.

The ability to mitigate digital security risks differs across countries and across newsrooms.

Widespread uptake of digital security tools has been limited due to a lack of resources, funding and technological infrastructure as well as how difficult it can be to navigate complex, less user-friendly technologies. Even in highly digital environments, those with less developed (or unevenly developed) infrastructures may have insufficient capacity to protect against cyber threats.

Journalistic practices and norms can, at times, be in tension with digital security practices.

The nature of journalism as an incredibly public-facing and accessible occupation gives rise to specific risks for those in the industry. Digital security threats include online harassment and abuse, and doxing campaigns against journalists (discussed in more detail in CNTI’s upcoming issue primer on journalist safety), which means making journalists and their contact information easy to access online particularly risky. At the same time, removing such information is fundamentally at odds with newsroom efforts around audience interactivity and engagement. 

In 2020, research also found a broad reluctance to prioritize digital security among publishers or editors, noting an emphasis on physical security over information security, conflicts with IT teams over recommended security measures such as virtual private networks (VPNs) and perceptions that security is an individual — rather than a collective — issue. Journalists are also often hesitant to become the story, leading to less visibility for these critical issues.

In parallel with the rise of other threats to press freedom and journalists’ security – particularly in the wake of the Snowden revelations – a burgeoning academic field has turned its attention to questions around the digital and information security of the global press. Academic and public attention to cybercrime, ransomware, and spyware have also grown, both in the wake of prominent attacks and amid growing concerns about the adoption of generative AI technologies in cyberattacks – for instance, leveraging these systems to manipulate journalists’ likeness – and AI’s broader threats to digital privacy and security (see CNTI’s issue primer on AI in journalism).

It is clear from this body of work that journalists and their sources in many countries are increasingly concerned about or actively experiencing a range of digital threats (whether from domestic, foreign or unknown actors), but for several culturalinstitutional and individual-level reasons, this does not often result in changes to practices or policies to counter such threats. 

Further, work by organizations including Forbidden Stories, the University of Toronto’s Citizen Lab and the Committee to Protect Journalists have tracked at least 180 cases of spyware targeting journalists, particularly by clients of NSO Group. Other research has depicted the unique threats of digital surveillance to (1) investigative journalists and (2) marginalized people and communities including women, queer and gender-nonconforming people and people of color. This work, as noted earlier, has revealed the relationship between journalists’ digital presence and offline abuse, including but not limited to physical violence. These risks are often amplified in non-Western regions as well as in areas of conflict. (We will discuss the related issue of online harassment in detail in a separate issue primer.)

Research on the targeting of journalists (and the public more broadly) using digital surveillance or “dataveillance,” hacking and spyware often focuses specifically on:

  • How journalists perceive and adapt to information security challenges, including their protection of and secure communication with sources and whistleblowers.
  • How digital intimidation tactics threaten press freedom and journalists’ ability to deliver stories in the public interest.
  • The influence of new technologies and the rise of “dataveillance” by state and corporate actors.

While this research speaks to the global nature of digital security threats to an independent press, future research should continue to examine how journalists, technology companies, researchers and policymakers can collaborate to defend against these threats, including tracking trends and sharing practices. Currently, many conversations about how to address these threats also lack global evidence. For instance, it is unclear how, or to what extent, digital security technologies such as encryption software have been implemented by journalists outside of Western countries. It is also important to understand how communication between journalists and their sources has evolved in an increasingly digital but often less safe environment.

Further, a lack of resources continues to play a critical role in news publishers’ and journalists’ ability to protect against and respond to digital security threats. Digital forensics efforts by organizations such as Citizen Lab and Amnesty Tech illustrate the critical role intermediaries play in creating networks, developing resources and establishing support mechanisms to protect the digital security of the global press. What other areas within this ecosystem must be strengthened to account for these growing threats, and what could those resources or collaborations look like?

Cybercrime has become a growing concern among policymakers in many parts of the world. As of 2021, the UN Conference on Trade and Development found that 156 countries (80%) had enacted cybercrime legislation, though adoption rates vary by region. 

However, cybercrime policy (including but not limited to “cyber libel,” “cyberterrorism” and “online hate speech” laws) does not always account for — and at times directly threatens — the digital safety of journalists. Often, cybercrime policy efforts are led by countries’ security or banking sectors, leading to policymaking that may not take into account — or be at odds with — international standards for press freedom and privacy. Research has found that a majority of cybercrime laws include few safeguards to protect against investigatory overreach and incorporate provisions with vague or broad wording that can be used to target journalists, thus threatening an independent press and free expression.

Over the past two decades, legal frameworks established to protect an independent press and the confidentiality of journalistic sources and information have been under threat in many parts of the world. New legislation and policies, including national security or anti-terrorism legislation, override and/or contradict existing protections. Other policies pressure or force digital intermediaries to provide private user data. When legislation does not adequately account for new uses of, or technological tools for, digital data by journalists and sources, it will not provide them with necessary legal protections, thus making forward-thinking policymaking critical.

Broader debates around who qualifies as a ‘journalist’ and what qualifies as ‘journalism’ also play an important role in cyber policy, as they affect who receives which legal protections. Do the same data or source protections, for instance, extend to freelancers or citizen journalists, or to international journalists doing cross-border or conflict reporting? A lack of definitional clarity in policymaking can lead to inconsistent or unequal entitlement to protections.

Global experts have called for collaborative approaches to global cybersecurity regulations through private and public sector coordination as well as strengthened international data protection frameworks. Such frameworks loosely exist, to some extent, within agreements to advance citizens’ privacy rights by the Council of Europe and the Organisation for Economic Cooperation and Development (OECD) and as a part of efforts to establish a global cybercrime treaty by the United Nations’ Office on Drugs and Crime’s Global Programme on Cybercrime. However, these protections are not currently codified and do not account for the unique digital security threats posed to journalists and other sectors of civil society. Harmonizing these standards cross-nationally could also promote the development of more resilient digital infrastructures – though, as illustrated in recent UN efforts, consensus on definitional considerations and cross-border oversight are difficult to achieve, particularly between democratic societies and authoritarian regimes.

Finally, it is critical at both the supranational and national levels to have open legislative processes around cybercrime or cybersecurity so that the voices of the news media and journalists, as well as civil society more broadly, are taken into account from the start.

All

Notable Articles & Statements

Key Institutions & Resources

Notable Voices

Recent & Upcoming Events

Vietnam tried to hack U.S. officials, CNN with posts on X, probe finds
Washington Post (October 2023)

Investigation finds Russian journalist Galina Timchenko targeted by Pegasus spyware
Committee to Protect Journalists (September 2023)

Dissecting the UN Cybercrime Convention’s threat to coders’ rights at DEFCON
Electronic Frontier Foundation (August 2023)

Khashoggi’s widow sues Israeli firm over spyware she says ruined her life
Washington Post (June 2023)

TikTok tracked UK journalist via her cat’s account
BBC (May 2023) 

FBI takes down Russian computer malware network that attacked NATO nations, journalists
CNBC (May 2023)

Abusive spyware ban: No press freedom without journalist safety
Tech Policy Press (May 2023)

Why does the global spyware industry continue to thrive? Trends, explanations, and responses
Carnegie Endowment for International Peace (March 2023)

Digital safety: Using online platforms safely as a journalist
Committee to Protect Journalists (November 2022) 

Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies
CNN (August 2022)

Why journalism needs information security
Reuters Institute for the Study of Journalism (April 2022)

My journey down the rabbit hole of every journalist’s favorite app
Politico (February 2022)

AI risk and cybersecurity
Research ICT Africa (February 2022)

Digital security do’s and don’ts for journalists
International Journalists’ Network (April 2020)

Basic steps to enhance your privacy and security within the digital ecosystem
iWatch Africa (July 2019) 

Here are 12 principles journalists should follow to make sure they’re protecting their sources
NiemanLab (January 2019)

Five digital security tools to protect your work and sources
International Consortium of Investigative Journalists (January 2018)

Carnegie Endowment for International Peace: Offers a dataset on “Mapping the Shadowy World of Spyware and Digital Forensics Sales” ranging from 2011–2023.

Center for Democracy & Technology: Nonprofit organization aiming to promote solutions for internet policy challenges.

Center for International Media Assistance (CIMA): Initiative of the U.S. National Endowment for Democracy dedicated to improving U.S. efforts to promote independent media in developing countries around the world.

Centre for Freedom of the Media: University of Sheffield’s interdisciplinary research center with global outreach on issues of media freedom and journalism safety, including a Journalism Safety Research Network.

Citizen Lab: Investigates the prevalence and impact of digital espionage operations against civil society groups.

Committee to Protect Journalists’ Emergencies Response Team: Provides comprehensive, life-saving support to journalists and media support staff worldwide and offers digital and physical safety kits and resources. 

EFF Surveillance Self-Defense: Electronic Frontier Foundation expert guide to protect from online spying.

Freedom House: Publishes an annual Freedom on the Net report, including survey and analysis of internet freedom around the world and country-level assessments.

Global Encryption Coalition: Promotes and defends encryption in key countries and multilateral fora where it is under threat.

Global Initiative Against Transnational Organized Crime: Independent civil-society organization aimed at strategies and responses to organized crime (including cybercrime).

Global Investigative Journalism Network: Hub for investigative reporters aiming to spread, strengthen and support in-depth, watchdog journalism worldwide, offering a Journalist Security Assessment Tool and a Reporter’s Guide to Investigating Digital Threats.

Internews (including SAFETAG and MONITOR programs): Independent, nonprofit media development and support organization.

Iraqi Network for Social Media: In partnership with the Human Rights Office of the United Nations Assistance Mission for Iraq, offers an online user guide for online protection and digital security for human rights defenders and activists.

iWatch Africa: Non-governmental media and policy organization tracking digital rights in Africa.

Jamii Forums: East and Central African secure whistleblowing platform that promotes accountability and transparency in Tanzania.

Open Knowledge Foundation: Provide services to create, manage and publish open data.

Organization for Security and Co-Operation in Europe: Intergovernmental organization addressing a wide range of security-related concerns.

Organized Crime & Corruption Reporting Project: Investigative reporting platform for a worldwide network of independent media centers and journalists.

RSF Resource for Journalists’ Safety: Reporters Without Borders cyber-surveillance guide.

Safety of Journalists: Platform with useful resources on journalists’ safety from academia, civil society and international organizations.

Security Lab at Amnesty International: Multi-disciplinary team supporting journalists, activists and civil society organizations at risk from targeted digital attacks.

Tactical Tech’s guide on holistic security: A practical tool for in-depth risk assessment employing a holistic approach, integrating self-care, well-being, digital security and information security into traditional security management practices.

Tech Policy Lab: Interdisciplinary collaboration at the University of Washington that aims to enhance technology policy through research, education and thought leadership.

UNCTAD: Tracks cybercrime legislation worldwide.

UNODC Global Programme on Cybercrime: UN-mandated programme to assist Member States in their struggle against cyber-related crimes through capacity building and technical assistance.

USC Election Cybersecurity Initiative: Nonpartisan independent project to help educate and protect U.S. campaigns and elections.

Sadie Creese, Professor of Cyber Security, University of Oxford

Philip Di Salvo, Researcher and Lecturer, University of St. Gallen

Ron Deibert, Founder and Director, Citizen Lab

Roger Dingledine, President and Co-Founder, Tor Project

Paula Fray, Founder, frayintermedia

Tanveer Hasan, Executive Director, Centre for Internet & Society

Jennifer Henrichsen, Assistant Professor, Washington State University 

Mallory Knodel, Chief Technology Officer, Center for Democracy & Technology

Carlos Lauría, Executive Director, Sociedad Interamericana de Prensa (SIP)

Nayelly Loya Marín, Head of Programme, UNODC Global Programme on Cybercrime

Maxence Melo, Co-Founder & Executive Director, JamiiForums

Michael Nelson, Senior Fellow, Carnegie Endowment

Riana Pfefferkorn, Policy Fellow, Stanford Internet Observatory

Erica Portnoy, Senior Staff Technologist, Electronic Frontier Foundation

Julie Posetti, Deputy Vice President of Global Research, International Center for Journalists

Ryan Powell, Head of Innovation and Media Business, International Press Institute

Rana Sabbagh, Senior Editor, Middle East/North Africa, Organized Crime & Corruption Reporting Project 

Drew Sullivan, Co-Founder and Publisher, Organized Crime & Corruption Reporting Project 

Joel Simon, Founding Director, Journalism Protection Initiative

RightsCon
February 24–27, 2025 – Taipei, Taiwan

Chatham House Cyber2023
June 14, 2023 – London, United Kingdom

UNODC Sixth Session of the Ad Hoc Committee
August 21–September 1, 2023 – New York, United States

Internet Governance Forum 2024
December 15–19, 2024 – Riyadh, Saudi Arabia

GovExec Data in Action Summit
December 6, 2023 – Virginia, United States

International Conference on Cyber Warfare and Security
March 28–29, 2025 – Virginia, United States

Vietnam tried to hack U.S. officials, CNN with posts on X, probe finds
Washington Post (October 2023)

Investigation finds Russian journalist Galina Timchenko targeted by Pegasus spyware
Committee to Protect Journalists (September 2023)

Dissecting the UN Cybercrime Convention’s threat to coders’ rights at DEFCON
Electronic Frontier Foundation (August 2023)

Khashoggi’s widow sues Israeli firm over spyware she says ruined her life
Washington Post (June 2023)

TikTok tracked UK journalist via her cat’s account
BBC (May 2023) 

FBI takes down Russian computer malware network that attacked NATO nations, journalists
CNBC (May 2023)

Abusive spyware ban: No press freedom without journalist safety
Tech Policy Press (May 2023)

Why does the global spyware industry continue to thrive? Trends, explanations, and responses
Carnegie Endowment for International Peace (March 2023)

Digital safety: Using online platforms safely as a journalist
Committee to Protect Journalists (November 2022) 

Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies
CNN (August 2022)

Why journalism needs information security
Reuters Institute for the Study of Journalism (April 2022)

My journey down the rabbit hole of every journalist’s favorite app
Politico (February 2022)

AI risk and cybersecurity
Research ICT Africa (February 2022)

Digital security do’s and don’ts for journalists
International Journalists’ Network (April 2020)

Basic steps to enhance your privacy and security within the digital ecosystem
iWatch Africa (July 2019) 

Here are 12 principles journalists should follow to make sure they’re protecting their sources
NiemanLab (January 2019)

Five digital security tools to protect your work and sources
International Consortium of Investigative Journalists (January 2018)

Carnegie Endowment for International Peace: Offers a dataset on “Mapping the Shadowy World of Spyware and Digital Forensics Sales” ranging from 2011–2023.

Center for Democracy & Technology: Nonprofit organization aiming to promote solutions for internet policy challenges.

Center for International Media Assistance (CIMA): Initiative of the U.S. National Endowment for Democracy dedicated to improving U.S. efforts to promote independent media in developing countries around the world.

Centre for Freedom of the Media: University of Sheffield’s interdisciplinary research center with global outreach on issues of media freedom and journalism safety, including a Journalism Safety Research Network.

Citizen Lab: Investigates the prevalence and impact of digital espionage operations against civil society groups.

Committee to Protect Journalists’ Emergencies Response Team: Provides comprehensive, life-saving support to journalists and media support staff worldwide and offers digital and physical safety kits and resources. 

EFF Surveillance Self-Defense: Electronic Frontier Foundation expert guide to protect from online spying.

Freedom House: Publishes an annual Freedom on the Net report, including survey and analysis of internet freedom around the world and country-level assessments.

Global Encryption Coalition: Promotes and defends encryption in key countries and multilateral fora where it is under threat.

Global Initiative Against Transnational Organized Crime: Independent civil-society organization aimed at strategies and responses to organized crime (including cybercrime).

Global Investigative Journalism Network: Hub for investigative reporters aiming to spread, strengthen and support in-depth, watchdog journalism worldwide, offering a Journalist Security Assessment Tool and a Reporter’s Guide to Investigating Digital Threats.

Internews (including SAFETAG and MONITOR programs): Independent, nonprofit media development and support organization.

Iraqi Network for Social Media: In partnership with the Human Rights Office of the United Nations Assistance Mission for Iraq, offers an online user guide for online protection and digital security for human rights defenders and activists.

iWatch Africa: Non-governmental media and policy organization tracking digital rights in Africa.

Jamii Forums: East and Central African secure whistleblowing platform that promotes accountability and transparency in Tanzania.

Open Knowledge Foundation: Provide services to create, manage and publish open data.

Organization for Security and Co-Operation in Europe: Intergovernmental organization addressing a wide range of security-related concerns.

Organized Crime & Corruption Reporting Project: Investigative reporting platform for a worldwide network of independent media centers and journalists.

RSF Resource for Journalists’ Safety: Reporters Without Borders cyber-surveillance guide.

Safety of Journalists: Platform with useful resources on journalists’ safety from academia, civil society and international organizations.

Security Lab at Amnesty International: Multi-disciplinary team supporting journalists, activists and civil society organizations at risk from targeted digital attacks.

Tactical Tech’s guide on holistic security: A practical tool for in-depth risk assessment employing a holistic approach, integrating self-care, well-being, digital security and information security into traditional security management practices.

Tech Policy Lab: Interdisciplinary collaboration at the University of Washington that aims to enhance technology policy through research, education and thought leadership.

UNCTAD: Tracks cybercrime legislation worldwide.

UNODC Global Programme on Cybercrime: UN-mandated programme to assist Member States in their struggle against cyber-related crimes through capacity building and technical assistance.

USC Election Cybersecurity Initiative: Nonpartisan independent project to help educate and protect U.S. campaigns and elections.

Sadie Creese, Professor of Cyber Security, University of Oxford

Philip Di Salvo, Researcher and Lecturer, University of St. Gallen

Ron Deibert, Founder and Director, Citizen Lab

Roger Dingledine, President and Co-Founder, Tor Project

Paula Fray, Founder, frayintermedia

Tanveer Hasan, Executive Director, Centre for Internet & Society

Jennifer Henrichsen, Assistant Professor, Washington State University 

Mallory Knodel, Chief Technology Officer, Center for Democracy & Technology

Carlos Lauría, Executive Director, Sociedad Interamericana de Prensa (SIP)

Nayelly Loya Marín, Head of Programme, UNODC Global Programme on Cybercrime

Maxence Melo, Co-Founder & Executive Director, JamiiForums

Michael Nelson, Policy Fellow, Carnegie Endowment

Riana Pfefferkorn, Research Scholar, Stanford Internet Observatory

Erica Portnoy, Senior Staff Technologist, Electronic Frontier Foundation

Julie Posetti, Deputy Vice President of Global Research, International Center for Journalists

Ryan Powell, Head of Innovation and Media Business, International Press Institute

Rana Sabbagh, Senior Editor, Middle East/North Africa, Organized Crime & Corruption Reporting Project 

Drew Sullivan, Co-Founder and Publisher, Organized Crime & Corruption Reporting Project 

Joel Simon, Founding Director, Journalism Protection Initiative

RightsCon
February 24–27, 2025 – Taipei, Taiwan

Chatham House Cyber 2023
June 14, 2023 – London, United Kingdom

UNODC Sixth Session of the Ad Hoc Committee
August 21–September 1, 2023 – New York, United States

Internet Governance Forum 2024
December 15–19, 2024 – Riyadh, Saudi Arabia

GovExec Data in Action Summit
December 6, 2023 – Virginia, United States

International Conference on Cyber Warfare and Security
March 28–29, 2025 – Virginia, United States