The International Press Institute (IPI) today warns that an unprecedented wave of cyber-attacks predominantly targeting independent media outlets in Hungary in recent months represents a serious and growing threat to the free flow of information in what arguably is already the European Union’s worst country for press freedom.

 

Since April 2023, at least 40 different media websites in Hungary have faced Distributed Denial of Service (DDoS) attacks, a form of cyber-attack which temporarily slows or crashes websites by overloading their servers with millions of simultaneous access requests, leaving readers unable to access news and information for hours at a time.

 

While the specific motive of these attacks remains unconfirmed, the majority of portals targeted in the DDoS attacks include many of the country’s leading independent media, including Telex, HVG, 444.hu, Magyar Hang, and Népszava, which are critical of the government of Prime Minister Viktor Orbán. International media companies hit by hackers include Forbes Hungary.

 

To date, no media outlet supportive of the ruling Fidesz party has been targeted in the current wave of attacks, according to IPI assessments, indicating a political or ideological motive. Index.hu, a formerly independent publication considered co-opted by, though not overtly supportive of, the government, was also targeted. In some cases, media were targeted for simply reporting on DDoS attacks against others, as in the case of Media1.

 

While the attacks initially appeared to be isolated incidents, the frequency and severity of the attacks increased in May and June and have caused serious damage and disruption to news websites. In addition to undermining reader’s access to news and information, DDoS attacks also result in financial losses for media companies due to diminished advertising revenue.

 

Many of the targeted websites were left inaccessible to readers for hours at a time, either until website administrators were able to minimize the damage or the DDoS attacks – which can require considerable costs to execute – were halted by the hackers. Waves of attacks have mostly occurred over successive weekends, when IT staff are most likely not to be working.

 

With more than 40 different media websites targeted, some multiple times, this campaign of DDoS attacks is understood to be one of the broadest cyber-attacks against an independent media community within a European Union member state to date, according to IPI’s analysis.

 

While some of the media involved have filed police reports, investigations have so far yielded no discernible progress. Police are understood to be investigating cases individually, rather than as part of a unified national investigation. The perpetrators of DDoS attacks are notoriously challenging to identify due to the variety of tools available to attackers to remain anonymous.

 

While no actor has claimed responsibility, the hacker or hackers appear to go by the nickname HANO – an acronym in Hungarian for a type of disorder which affects the human body. In recent months, they have also left messages in Hungarian behind in the code of attacks, indicating that they are being coordinated domestically, rather than by foreign actors. The attacker appears to demonstrate a knowledge of the Hungarian media landscape and individual journalists.

 

In other cases, messages were left in the code of DDoS attacks which warned of future attacks against certain media, only for those attacks to then be carried out at the precise date and time. The costs associated with this scale and duration of DDoS attacks, continuing over several months, also indicates that those responsible are relatively well-funded, according to experts.

 

Although IPI referred some independent media outlets in Hungary to Cloudflare’s Project Galileo – which provides cyber defences by redirecting overload attempts to its own servers – the attackers have found new ways to crash or drastically slow down websites. This further indicates the sophisticated offensive cyber capabilities of those responsible.

 

Major democratic and security threat

The DDoS attacks so far appear to follow a pattern of targeting critical and independent media websites and were in some cases aimed at smothering access to certain types of news reporting or investigations. In some cases, DDoS attacks began less than half an hour after the publication of reports critical of the government or entities connected to it.

 

Examples include a critical report about journalists from independent media not being allowed into a government press conference, or a critical report about the pro-government propaganda outlet Megafon. None of the attacks appear so far to be extortionate in nature, but rather intended to cause maximum disruption.

 

IPI Deputy Director Scott Griffen said the months-long DDoS campaign represented an insidious form of digital censorship and another form of pressure against critical and independent media in Hungary. He warned that while the current cyber-attacks were worrying enough for media freedom, the potential for them to be weaponized during elections in Hungary – when access to factual and independent journalism are more vital than ever – could also pose a major threat to election integrity and democracy.

 

“The potential for cyber attackers to cause major obstruction for citizen’s access to independent news reporting during periods like elections or protests are clear”, he said. “What we have been seeing in recent months could be the probing for weaknesses in advance of a major coordinated attack, which is why authorities need to act now to identify and put a halt to this democratic and security threat”, he said.

 

“IPI today calls on Hungarian law enforcement authorities to consolidate investigations into one major national probe, assisted by expert cybercrime officers and if necessary, intelligence agencies, aimed at identifying the source of these cyber-attacks, what their motive is, and how they are funded. Those responsible should face serious criminal cybercrime charges for their obstruction of free speech online and attacks on important media infrastructure.”

 

Griffen also called for greater international attention, particularly from the European Union, to the DDoS attacks against media in Hungary and the democratic threat they pose.

 

While multiple motives for the attacks were possible, he said, another theory could be that they are aimed simply at undermining business operations of independent media companies. DDoS attacks have led both to a loss of advertising revenue and forced some media to invest in stronger cyber defense capabilities, hitting balance books of the smaller news outlets in particular. Independent media in Hungary continue to face major threats to their viability.

 

DDoS attacks are not new to Hungary. In 2022, the website of the united opposition movement was hit with a powerful DDoS attack as it was in the process of conducting its pre-election for the nominee for Prime Minister. Around the same time, independent media platforms also faced isolated DDoS attacks. In July 2023, the website of the Budapest Pride was crashed for hours on the day it was due to hold LGTBQ+ events in the capital. In a recent attack on Hungarian outlet Media1, the attacker also left messages in the code which admitted that they were responsible for carrying out the attack on the Pride website.

 

In March 2022, several news websites belonging to right-wing and conservative media supportive of the government were also hit by hackers claiming to be from Anonymous, with the justification that the media were supporting Russia’s war on Ukraine. At the time, the DDoS attacks drew a strong statement from the then Justice Minister Judit Varga. By contrast, no government official has yet condemned the attacks on independent media. The perpetrators of the 2022 cyber attacks were never identified.

 

Although DDoS attacks affect major media companies around the world, including in Europe in recent months, the financial resources and specialized security apparatus available to larger media companies mean that such cyber attacks are frustrating but cause little disruption.

 

DDoS attacks are broadly aimed at identifying and then exploiting vulnerabilities in website and server systems. They work by flooding these systems with what appears to be legitimate internet traffic from multiple locations, which overwhelms bandwidth or server capacity, significantly slowing or crashing websites. Efforts to protect against DDoS generally involve blocking the IP addresses of illegitimate access requests. Often this means mitigating attacks rather than stopping them outright. Attacks can be carried out via botnets – networks of infected computers and other digital devices around the world – making it very difficult to trace the perpetrators.

 

Media1 has been tracking the DDoS attacks on its website. IPI has been documenting these cases on the Mapping Media Freedom (MMF) platform and the Council of Europe Platform for the Safety of Journalists.

 

IPI has been working with our members and other independent media organizations in Hungary in recent months to help bolster their cyber-security defences.

 

Click here for more of IPI’s reporting and advocacy on Hungary

This statement was coordinated by the International Press Institute (IPI) as part of the Media Freedom Rapid Response (MFRR), a Europe-wide mechanism which tracks, monitors and responds to violations of press and media freedom in EU Member States and candidate countries. 

In January 2023, Hungarian investigative media outlet Átlátszó and its editor-in-chief, Tamás Bodoky, became the target of the latest smear campaign in pro-government news outlets aimed at discrediting what remains of the country’s independent media.

 

In the latest escalation of this pressure, Átlátszó and its journalists faced accusations in pro-government media of “betraying” the nation, attacking Hungarian minorities in neighbouring countries, working for foreign interests and being a national security risk, due to their collaboration in a cross-border investigative project.

 

The unsubstantiated attacks were made in a series of articles published over consecutive weeks in media owned by allies of the Fidesz government, including the Magyar Nemzet daily, which is part of the pro-government KESMA conglomerate.

 

These texts about Átlátszó’s non-profit funding model included allegations that Átlátszó was receiving “Judas money” and being a “criminal association” involved in treason and anti-national activities. In a second defamatory article in Magyar Nemzet, Bodoky was directly referred to as a liar and a “national traitor”.

 

In a common pattern, these initial media smears were echoed by a pro-government foundation and then amplified in what appear to be a coordinated manner by the national news agency MTI, public broadcaster Magyar Televízió and dozens of regional media outlets which are part of KESMA, spreading them to a wider audience.

 

“It reminds us of the methods of Putin’s Russia and hints at a coordinated campaign, when first the government newspaper attacks us, mentioning a foreign agency and national treason, and then the government’s favourite pseudo-civilian organization urges intelligence intervention”, Bodoky said in response to the attacks.

 

Átlátszó and Bodoky were targeted over the media outlet’s role in a cross-border investigative project called “Hungarian Money” (hungarianmoney.eu), which was conducted in 2020 and led by Átlátszó Erdély, a Hungarian-language investigative outlet based in Romania. Five editorial teams from five European countries, including Átlátszó, investigated how the Orbán government spent at least €670 million in Hungarian minority organizations in neighbouring Romania, Slovakia, Slovenia and Croatia over the past decade, and how it uses this “soft power” to exert influence abroad.

 

The project received funding from Investigative Journalism for Europe (IJ4EU), which is coordinated by the International Press Institute (IPI). IJ4EU supports cross-border investigations of public interest in the EU. It is financially backed by the European Commission and other donors but operates independently.

Wider pattern of discreditation

While the smear campaign was denounced by Átlátszó’s investigative partners in a joint statement and multiple journalists expressed solidarity with its team, concerns remain that these kinds of articles continue to act as an incitement of hostility and distrust towards Átlátszó and its journalists.

 

Far from being an isolated incident, in the past year Átlátszó and other of the country’s remaining independent media, including most recently Telex, have continued to face persistent attacks in government-aligned news outlets smearing them for receiving funding from abroad.

 

In recent months, the new buzzword in this strategy has been “dollar media”, accompanied by accusations that media are in the pocket of U.S or other unspecified foreign interests or of Hungarian-born billionaire businessman and philanthropist George Soros.

 

This follows a wider pattern in Hungary, outlined in a 2022 IPI report, that media critical of the government are smeared in an intertwined network of pro-government media as organs of misinformation spreading “fake news” in service of political opposition or foreign governments. These attacks often act as a signpost for online abuse and harassment of journalists. However, so far this harassment normally takes the form of insults from trolls rather than serious intimidation or death threats.

 

Economic asphyxiation of independent media

The focus on the recent ire on foreign funding sources also points to another phenomenon in the Hungarian media ecosystem: that under successive Fidesz governments, critical and independent media outlets have been systematically drained of state advertising funding, forcing some to seek project grants financed from abroad to stay afloat while also retaining their editorial independence.

 

This economic isolation is part of a wider campaign of media capture undertaken by the Fidesz government over the past decade, which has involved the coordinated exploitation of legal, regulatory and economic power to gain control over public media, concentrate private media in the hands of allies, and distort the market to the detriment of independent journalism.

 

In this captured media ecosystem, Fidesz has calibrated the market in its favour by rewarding alignment with its narrative while starving critical media of lucrative advertising funding from ministries and other state institutions. This carrot-and-stick approach has seen independent media excluded from advertising and other subsidies altogether, with public money channelled to finance Fidesz’s media empire. Many of these media in turn serve political interests by acting as the attack dogs of the government against its critics at home and abroad.

 

In the face of this economic climate, grants from foreign donors and the European Union have proven to be a lifeline for what remains of Hungary’s shattered independent media market. Set against the backdrop of the coordinated erosion of media pluralising recent years, is little surprise then that this financial support has been firmly placed in the crosshairs of the Fidesz media machine.

This article was originally published by IPI as part of the Media Freedom Rapid Response (MFRR), a Europe-wide mechanism which tracks, monitors and responds to violations of press and media freedom in EU Member States and Candidate Countries.