Journalists: How hacking details matter

When I write my definitive guide for journalists covering hacking, I’m going to point out how easy it is for journalists to misunderstand the details of a story — especially when they change the details to fit the story they want to tell.

For example, there is the notorious "CIA hacked Senate computers" scandal. In fact, the computers in question were owned by the CIA, located in a CIA facility, and managed/operated by CIA employees. You can’t "hack" computers you own. Yes, the CIA overstepped the bounds of an informal agreement with the Senate committee overseeing them, but in no way did anything remotely like "hacking" occur.

This detail matters. If the CIA had truly hacked the Senate committee, that would be a constitutional crisis. A small misstep breaking an informal agreement is not.

A more recent example is this story, which mentions the AlfaBank-Trump connection, claiming the server was in Trump Tower [*]:

What about the computer server at Trump Tower?
Several news media outlets have reported that investigators last year were puzzled by data transmissions between a computer server at Trump Tower and a computer server associated with a Russian bank. Although Mr. Trump on Twitter talked about his “phones,” in theory a judge might determine that the computer address of the server in the tower was a facility being used by a foreign power, Russia, to communicate, and authorize surveillance of it.

No, the server was not located in Trump Tower. It was located outside Philadelphia. It’s owned and operated by a company called Listrak. There’s no evidence anybody in the Trump Organization even knew about the server. It was some other company named Cendyn who decided to associate Trump’s name with the server. There’s no evidence of communication between the server and Alfa — only evidence of communication about the server from Alfa.

The details are important to the story, because it’s trying to show how a judge "might determine that the computer … in the tower was a facility being used by a foreign power". If it’s not anywhere near or related to the Trump Tower, no such determination could be made.

Then there was that disastrous story from the Washington Post about Russia hacking into a Vermont power plant [*], which still hasn’t been retracted despite widespread condemnation. No such hacking occurred. Instead, what happened is that an employee checked Yahoo mail from his laptop. The night before, the DHS had incorrectly configured its "Einstein" intrusion detection system to trigger on innocent traffic with Yahoo as an indicator of compromise from Russian hackers.

You can see how journalists make these mistakes. If the CIA is spying on computers used by Senate staffers, then the natural assumption is that the CIA hacked those computers. If there was a server associated with the Trump Organization, however tenuous, it’s easy to assume a more concrete relationship, such as the server being located in Trump’s offices. You can see how once the DHS claims there was a hack, and you’ve filled your stories with quotes from senators pontificating about the meaning of such hacks, it’s very difficult to retract the story when the details emerge there was nothing remotely resembling a hack.

I’m not trying to claim that journalists need to be smarter about hacking. I’m instead claiming that journalists need to be smarter about journalism. The flaws here all go one way — toward the sensational. Instead of paying attention to the details and questioning whether such sensationalism was warranted, journalists did the reverse.

Also, I’m trying to point out how journalists seem to collude on this. They all piled on with misunderstandings about the "CIA hacking", such that it became impossible for a journalist not to agree that this is what happened. The original reporting on the Alfa connection was crap, though it becomes real when other reporters repeat the claims. The Vermont hacking story is too juicy for reporters not to repeat, even when they know it’s completely bogus.

Source: Security Bloggers Network @ March 6, 2017 at 09:07AM
