Everything They Don’t Tell You: When Hackers Talk To The Press (Ethics, Fiction and Fact)

One theme (or “subtext”) of AltSciFi is to highlight the ways in which science journalism is often better categorized as science fiction.

The points and comments outlined below are culled from a presentation by well-regarded information security journalist Violet Blue. The mainstream journalistic world often misrepresents the work of information security professionals (“white-hat hackers” or “ethical hackers”), and the credulous, naive public is easily mislead. This can even result in harsh prison sentences based on inflated charges for absurd accusations of espionage or “cyberterrorism”.

Dade Murphy (Jonny Lee Miller) from Hackers (1995): ''

My BLT drive on my computer just went AWOL, and I have this big project due tomorrow for Mr Kawasaki. If I screw up, he’s gonna ask me to commit hari-kari! Yeah, well, you know… these Japanese management techniques. — Dade Murphy, Hackers (1995)

Separating fact from fiction enables us to enjoy and learn more from both. Then the blend of science and imagination can give us a healthy dose of escapism without losing sight of the necessary insights from both art and technology.

Plus, if you’re creating fiction and want to design a credible dystopian mediascape, it’s useful to know what one might look like in the near future. The points and comments below offer a glimpse of what may come and a basis for realistic sci-fi extrapolation. We’ll soon explore more deeply along similar lines.

Journalism is important. We can’t only rely on sci-fi to tell us about how our world may turn out, after all. As consumers, it’s equally crucial to be able to discern when entertainment is disguised as news — or when the news is flat-out wrong.

Why do journalists get infosec reporting so wrong?

A few reasons why:

– a sector that still barely “gets” the Internet now reports on (and interprets) technical issues and subcultures
– lack of accountability
– mainstream reporting perceives tech reporters as inexperienced, security bloggers as not credible
– the powerful/established institutions are mired in bureaucracy
– reporters at large outlets don’t know how to fact-check infosec, or interpret jargon, culture or history
– individual agendas poison the arena
– media still follows a “describe the problem, say who is to blame” script
– the success of mainstream media relies on making stories simple (not realistic)
– they’ll get it wrong just to be first
– it’s now a rockstar arena where non-mainstream reporters are sidelined (in favor of) opportunists

Examples of Malfeasance

– CNET reporter covertly filmed Defcon attendees/talk 1
– Wired reporter recorded interviewees without consent (Kaspersky)
– Forbes reporter published content of Twitter DMs without permission
– NYT reporter = Mandiant mouthpiece 2
– VICE editor ignored reporter demand to sanitize photo location data (resulting in arrest of course) 3 4
– Wired reporter asking “do you have privileged information?”
– Forbes reporter published detailed business information without consent
– Freelance journo quoted inappropriate party conversation, naming the source
– Australian newspaper identified nationality and location of hacker (specific)
– AP reporter (uncredentialed) covertly interviewing ShmooCon party attendees
– Scientific American released a source’s name

What to know

– interview techniques
– “stop before you start”
– stop talking
– prepare answers to questions you hope they don’t ask you
– never say “no comment”
…and if you insist on saying “no comment”, don’t ever start a sentence with, “no comment, but…”
– prepare to tell them what you’re there to talk about
– ask what the interview/story is about before you talk
– find out when/where the story will run
– never be desperate to be included
– never relax and (never) run on autopilot
– never guess, or say anything you don’t know as fact
– prioritize your points before
– make your terms (anonymity, citation/title, opsec) crystal clear

– you are part of a preplanned storyboard and a deliverable product
– you are being used to fill in a narrative
– you have rights (when dealing) with media
– you control the conversation
– always expect an ambush
– you will have social engineering techniques used on you
– there is no such thing as “off the record” 5

Cyberactivism (and/or “hacktivism”) is one way to help inform the world before the dystopias of science fiction become real. If the mainstream news media maintains its current stance of bleeding into “entertainment” by seeking sensationalism over substance in relation to information security, we may lose our best line of defense against totalitarianism, both at home and abroad — wherever you live. By the time white-hat hackers are our only hope, it will probably be too late. Our world is inextricably connected now. Either we stand together, or we all fall one by one.

Primary source: Violet Blue presenting at InfoSec Southwest, ISSW 2015. Awarded author, notorious journo, constant controversy, hacking and cybercrime. CNET, Zero Day/ZDNet, CBSNews, CIR, IPG. You can also find her book, “The Smart Girl’s Guide to Privacy: A Privacy Guide for the Rest of Us”, on Amazon.com by clicking here (click here).

You Want Moar? Further Resources

  1. Defcon drama: Undercover reporter bolts after outing
    Michelle Meyers ( @meymichelle)
  2. Mandiant, the Go-To Security Firm for Cyber-Espionage Attacks
    Brad Stone and Michael Riley
  3. Vice leaves metadata in photo of John McAfee, pinpointing him to a location in Guatemala
    Alex Wilhelm ( @alex)
  4. Dear Journalists at Vice and Elsewhere, Here Are Some Simple Ways Not To Get Your Source Arrested
    Kashmir Hill ( @kashhill)
  5. Why you should never agree to be interviewed by the police. (Youtube, 48min 39sec)
    James Duane and George Bruch
Advertisements

One thought on “Everything They Don’t Tell You: When Hackers Talk To The Press (Ethics, Fiction and Fact)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s