Foreign cyber attack targets production of U.S. newspapers

by Kim Boateng Posted on December 31st, 2018

A cyber attack that appears to have originated from outside the United States is causing major printing and delivery disruptions at several newspapers across the country.

The attack led to distribution delays in the Saturday edition of The Los Angeles Times, The San Diego Union-Tribune, The Chicago Tribune, Baltimore Sun and several other major newspapers that operate on a shared production platform.

It also stymied distribution of the west coast editions of The Wall Street Journal and New York Times, which are all printed at the Los Angeles Times‘ Olympic printing plant in downtown Los Angeles.

“We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,” said the source, who spoke on the condition of anonymity because he was not authorised to comment publicly.

No other details about the origin of the attack were immediately available, including the motive. The source identified the attacker only as a “foreign entity”.

All papers within The Los Angeles Times‘ former parent company, Tribune Publishing, experienced glitches with the production of papers.

Tribune Publishing sold The Los Angeles Times and The San Diego Union-Tribune to Los Angeles businessman Dr Patrick Soon-Shiong in June, but the companies continue to share various systems, including software.

“Every market across the company was impacted,” said Marisa Kollias, spokeswoman for Tribune Publishing.

She declined to provide specifics on the disruptions, but the company properties include The Chicago Tribune, Baltimore Sun, Annapolis Capital-Gazette, Hartford Courant, New York Daily News, Orlando Sentinel and Fort Lauderdale Sun-Sentinel.

Tribune Publishing said in a statement on Saturday that “the personal data of our subscribers, online users, and advertising clients has not been compromised”.

“We apologise for any inconvenience and thank our readers and advertising partners for their patience as we investigate the situation. News and all of our regular features are available online.”

The LA Times said the problem was first detected on Friday. Technology teams made significant progress in fixing it, but were unable to clear all systems before press time.

Director of Distribution Joe Robidoux said he expects the majority of Los Angeles Times subscribers would receive their paper on Saturday, but delivery would be late.

For print subscribers that did not receive Saturday’s paper, they will receive the paper with their regularly scheduled delivery of the Sunday edition.

The attack seemed to have begun late Thursday night and by Friday had spread to crucial areas needed to publish the paper.

The computer problem shut down a number of crucial software systems that store news stories, photographs and administrative information, and made it difficult to create the plates used to print the papers at downtown plant.

“We are trying to do work-arounds so we can get pages out. It’s all in production. We need the plates to start the presses. That’s the bottleneck.” Robidoux said.

The Ventura County Star, owned by Gannett Co. Inc., said it was also affected.

“Usually when someone tries to disrupt a significant digital resource like a newspaper, you’re looking at an experienced and sophisticated hacker,” said Pam Dixon, executive director of the World Privacy Forum, a non-profit public interest research group.

An advisory by the U.S. Department of Health and Human Services’ cybersecurity program earlier this year described “Ryuk” attacks as “highly-targeted, well-resourced and planned.”

Mark Weatherford, a former DHS deputy under secretary for cybersecurity who is now chief cybersecurity strategist at California-based vArmour, said Sunday that phishing links are the most common way such attacks gain entry.

“It’s fairly non-discriminatory. This could happen to anybody, although it seems to be more of a targeted attack,” Weatherford said. He added, however, that it was too early to draw conclusions.

Tribune Publishing also reported the attack to the FBI on Friday, the Chicago Tribune said. The FBI did not immediately return a message seeking comment Sunday.

Leave a Reply