This short module opens with a video introduction to malware, continues with slides showing a few examples of malware targeting journalists, and closes with a discussion of how likely students think such an attack is in their own work, and what they should do in response.
Prerequisites
Estimated time
30-35 minutes
Objectives
- Upon successful completion of this lesson, students will be able to identify common functions and techniques for distributing malware.
- Students will be able to construct a risk minimization strategy.
Why this matters
Some of the most commonly used files that journalists open every day (e.g., .pdf, .docx files) are also some of the most common vectors for introducing malware into systems. Because journalists are among the most common targets of malware in the world, it's important to understand what malware is capable of and the common ways it may be introduced into a system. In addition, by seeing how the success of most malware depends on unpatched software, students can see in concrete terms why security updates should be viewed as an asset rather than a burden.
Homework
(Before class)
- Watch this short video introducing Remote Access Trojans: "Trojans and RATs - CompTIA Security+"
- Read this report from Citizen Lab, tracking the use of Pegasus malware by state attackers against remote journalists working with U.S. news organizations: "Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator"
- Read about the KQED newsroom's response to a ransomware attack: "The Crippling Ransomware Attack on a San Francisco NPR Member Station"
- Read this, from Freedom of the Press Foundation on the limitations of antivirus: "What about antivirus?"
Sample slides
Activities
Watch this short video introducing malicious software: "Malware - Security Awareness Video"
Questions for discussion
- When was the last time you clicked a link from a text message?
- How realistic do you think a Pegasus-like attack is against you? How about your colleagues?
- Remember: Jamal Khashoggi's phone was not the one Citizen Lab found was hit with Pegasus malware, but instead, his associate's phone. How might the individuals who you work with influence your likelihood of receiving malware?
Note: Our hope is to get students to think about their specific circumstances; the real answer is that it depends on your threat model, as individuals and as a group.
Other related resources
- Check out the Electronic Frontier Foundation's malware handout.