According to Fact-check.ni, the spread of misinformation is inherently human. In their report, Lewandowsky et al explained the reasons for the acquisition and persistence of misinformation. One vital reason is that the mere repetition of a claim makes one think it is true.
A study by Pew research in 2017 showed that the internet’s continuous growth and accelerating innovation have the potential to make the problem more dangerous than in the past as it aids the spread of manipulative narratives.
From the foregoing, the concept of fact-checking was necessitated by the need to fight the information disorder encapsulated in misinformation/disinformation (fake news). This probably explains why the New Yorker in a 2020 article described fact-checkers as the hidden heroes of journalism.
Major news outlets have taken up the responsibility to assign journalists and fact-checkers to verify claims and outright lies by politicians and pundits.
But in their quest to fight misinformation, fact-checkers and journalists are increasingly becoming the targets of hackers and malware developers.
A study from Clark School, University of Maryland shows that there is a hacker trying to attack vulnerable computers every 30 seconds. Interestingly, more malware is being launched than ever before and it has been estimated that businesses will spend more than $1 trillion on cybersecurity between 2017 and 2021.
In 2017, a media report showed that Russian hackers tried to access the email inboxes of at least 200 reporters around the world.
Natalia Gevorkyan, a Russian columnist who reviewed the data, said the hackers went after journalists who bothered them.
Gevorkyan, who is also the author of a book on Russian intelligence, said the hacking campaign appeared geared to collecting private emails, “which they can use as leverage for later”.
Also, a political fact-checking site, Verrit was hacked almost immediately after Hillary Clinton invited followers to sign up for the site.
Within an hour of her tweet, a distributed denial of service (DDoS) attack prevented the site from loading.
Similarly, cekfakta.com, another fact-checking website in Indonesia was hacked in 2019 two days after the site held a high-profile fact-checking session at Google’s Indonesia headquarters parallel to a presidential debate.
Having established that journalists and fact-checkers are likely targets, how can you avoid being manipulated by hackers?
Below is a compilation of tools journalists can use to protect their email addresses from hackers and possible solutions to those who are already caught in email breaches.
Top on the list is have I been owned? a website developed by Troy Hunt, a Microsoft Regional Director.
It allows users to ascertain if their email addresses have been compromised. It also identifies if the email has been found in a data breach — an incident where data has been unintentionally exposed to the public.
In the same vein, the website notifies users if any information about them has been “pasted” to a publicly facing website designed to share content.
These publicly facing websites such as ‘pastebin’ are said to be used by hackers due to the ease of anonymously sharing other people’s information.
Another useful tool is mypwd.io. The website, which is similar to haveibeenowned?, describes itself as offering extra by monitoring the deep and dark web. It also gives information regarding which password was leaked and has an estimated nine billion items of data.
The website also includes email alerts for subscribers whenever a new leak associated with the registered email address is detected. These notifications carry important instructions: the leaked password must be changed to avoid financial loss and even identity theft.
DeHashed is another relevant tool to use. The website described itself as a database search engine created for security analysts, journalists, security companies, and everyday people to help secure their accounts and provide insight on database breaches and account leaks. It is said to help prevent account compromise as users can monitor hacker activity in real-time to prevent account takeover attacks using compromised credentials.
The website allows users to search for IP addresses, emails, usernames, names, phone numbers, VIN numbers, addresses; also allows users to reverse search passwords, hashes, and more. To gain access to this website, users have to subscribe first.
BreachAlarm is another website that allows users to check for breaches. It is a service that allows one to check anonymously if one’s password has been posted online, and email notifications about future password hacks.
The services comb the depths of the Internet to find stolen password lists that have been hacked, leaked or compromised, and then goes ahead to spot the email addresses of the users those passwords belong to. Users can check easily whether their email address and password have been included in any of these breaches.
The site also allows for checking multiple hack verification sites just to make sure.
Have I been sold? Another good alternative to the above-mentioned websites for checking email leaks.
Have I Been Sold? is a free service that lets users go through a database of purchased emails and see if someone sold their contact information.
If your data is involved in a data breach, what do you do? It has been established that a cybercriminal can take several paths to gain access to personal information, sell the data and fraudulently make use of such data.
Criminals know that many people repeat passwords in various places. For this reason, they can try to break into different websites and systems and steal personal information.
Fact-checkers are advised to change passwords to unique, hard to guess passwords which are likely difficult for hackers.
The list of passwords to avoid, according to a Forbes report, include: personal information, shorter passwords, common words or simple number combinations. The report also advised against not updating passwords regularly.
A study showed that the vast majority of cyber attacks come from relatively unsophisticated hackers using “dictionary scripts,” a type of software that runs through lists of common usernames and passwords attempting to break into a computer.
The researchers found the most common password-guessing ploy was to reenter or try variations of the username.
Fact-checkers are to ensure the use of two-factor authentication as this will prevent a hacker from logging in to their account even if the password is known.
Users can also leverage solutions and tools for such embedded use in some of the websites and services mentioned. For Haveibeenpwned, the 1Password.com is a tool password manager used to store and use strong passwords.
Similarly, for BreachAlarm, fact-checkers can get on to the service’s Email Watchdog which notifies them immediately their email addresses appear in a password breach.
With the above tools, you can operate safely as a journalist and fact-checker without being manipulated by hackers.
The researcher produced this media literacy article per the Dubawa 2021 Kwame Kari Kari Fellowship partnership with SaharaReporters to facilitate the ethos of “truth” in journalism and enhance media literacy in the country.