In the current D.C. climate on Russia, all relevant journalistic incentives encourage and reward false news.
Glenn Greenwald writes: In the past six weeks, the Washington Post published two blockbuster stories about the Russian threat that went viral: one on how Russia is behind a massive explosion of “fake news,” the other on how it invaded the U.S. electric grid. Both articles were fundamentally false. Each now bears a humiliating editor’s note grudgingly acknowledging that the core claims of the story were fiction: The first note was posted a full two weeks later to the top of the original article; the other was buried the following day at the bottom.
The second story on the electric grid turned out to be far worse than I realized when I wrote about it on Saturday, when it became clear that there was no “penetration of the U.S. electricity grid” as the Post had claimed. In addition to the editor’s note, the Russia-hacked-our-electric-grid story now has a full-scale retraction in the form of a separate article admitting that “the incident is not linked to any Russian government effort to target or hack the utility” and there may not even have been malware at all on this laptop.
But while these debacles are embarrassing for the paper, they are also richly rewarding. That’s because journalists — including those at the Post — aggressively hype and promote the original, sensationalistic false stories, ensuring that they go viral, generating massive traffic for the Post (the paper’s executive editor, Marty Baron, recently boasted about how profitable the paper has become).
After spreading the falsehoods far and wide, raising fear levels and manipulating U.S. political discourse in the process (both Russia stories were widely hyped on cable news), journalists who spread the false claims subsequently note the retraction or corrections only in the most muted way possible, and often not at all. As a result, only a tiny fraction of people who were exposed to the original false story end up learning of the retractions.
Baron himself, editorial leader of the Post, is a perfect case study in this irresponsible tactic. It was Baron who went to Twitter on the evening of November 24 to announce the Post’s exposé of the enormous reach of Russia’s fake news operation, based on what he heralded as the findings of “independent researchers.” Baron’s tweet went all over the place; to date, it has been re-tweeted more than 3,000 times, including by many journalists with their own large followings:
Russian propaganda effort helped spread fake news during election, say independent researchers https://t.co/3ETVXWw16Q
But after that story faced a barrage of intense criticism — from Adrian Chen in the New Yorker (“propaganda about Russia propaganda”), Matt Taibbi in Rolling Stone (“shameful, disgusting”), my own article, and many others — including legal threats from the sites smeared as Russian propaganda outlets by the Post’s “independent researchers” — the Post finally added its lengthy editor’s note distancing itself from the anonymous group that provided the key claims of its story (“The Post … does not itself vouch for the validity of PropOrNot’s findings” and “since publication of the Post’s story, PropOrNot has removed some sites from its list”).
What did Baron tell his followers about this editor’s note that gutted the key claims of the story he hyped? Nothing. Not a word. To date, he has been publicly silent about these revisions. Having spread the original claims to tens of thousands of people, if not more, he took no steps to ensure that any of them heard about the major walk back on the article’s most significant, inflammatory claims. He did, however, ironically find the time to promote a different Post story about how terrible and damaging Fake News is:
Whether the Post’s false stories here can be distinguished from what is commonly called “Fake News” is, at this point, a semantic dispute, particularly since “Fake News” has no cogent definition. Defenders of Fake News as a distinct category typically emphasize intent in order to differentiate it from bad journalism. That’s really just a way of defining Fake News so as to make it definitionally impossible for mainstream media outlets like the Post ever to be guilty of it (much the way terrorism is defined to ensure that the U.S. government and its allies cannot, by definition, ever commit it).
But what was the Post’s motive in publishing two false stories about Russia that, very predictably, generated massive attention, traffic, and political impact? Was it ideological and political — namely, devotion to the D.C. agenda of elevating Russia into a grave threat to U.S. security? Was it to please its audience — knowing that its readers, in the wake of Trump’s victory, want to be fed stories about Russian treachery? Was it access and source servitude — proving it will serve as a loyal and uncritical repository for any propaganda intelligence officials want disseminated? Was it profit — to generate revenue through sensationalistic click-bait headlines with a reckless disregard to whether its stories are true? In an institution as large as the Post, with numerous reporters and editors participating in these stories, it’s impossible to identify any one motive as definitive. Read the rest of this entry »
Fake News: This narrative was false and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts.
Kalev Leetaru writes: On Friday the Washington Post sparked a wave of fear when it ran the breathless headline “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say.” The lead sentence offered “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials” and continued “While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability.”
“From Russian hackers burrowed deep within the US electrical grid, ready to plunge the nation into darkness at the flip of a switch, an hour and a half later the story suddenly became that a single non-grid laptop had a piece of malware on it and that the laptop was not connected to the utility grid in any way.”
Yet, it turns out this narrative was false and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts.
“Only after numerous outlets called out the Post’s changes did the newspaper finally append an editorial note at the very bottom of the article more than half a day later saying ‘An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.’”
The original article was posted online on the Washington Post’s website at 7:55PM EST. Using the Internet Archive’s Wayback Machine, we can see that sometime between 9:24PM and 10:06PM the Postupdated the article to indicate that multiple computer systems at the utility had been breached (“computers” plural), but that further data was still being collected: “Officials said that it is unclear when the code entered the Vermont utility’s computers, and that an investigation will attempt to determine the timing and nature of the intrusion.” Several paragraphs of additional material were added between 8PM and 10PM, claiming and contextualizing the breach as part of a broader campaign of Russian hacking against the US, including the DNC and Podesta email breaches.
“Just as with the Santa Claus and the dying child story, the Post story went viral and was widely reshared, leading to embarrassing situations like CNBC tweeting out the story and then having to go back and retract the story.”
Despite the article ballooning from 8 to 18 paragraphs, the publication date of the article remained unchanged and no editorial note was appended, meaning that a reader being forwarded a link to the article would have no way of knowing the article they were seeing was in any way changed from the original version published 2 hours prior.
Yet, as the Post’s story ricocheted through the politically charged environment, other media outlets and technology experts began questioning the Post’s claims and the utility company itself finally issued a formal statement at 9:37PM EST, just an hour and a half after the Post’s publication, pushing back on the Post’s claims: “We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.”
“Particularly fascinating that the original Post story mentioned that there were only two major power utilities in Vermont and that Burlington Electric was one of them, meaning it would have been easy to call both companies for comment.”
From Russian hackers burrowed deep within the US electrical grid, ready to plunge the nation into darkness at the flip of a switch, an hour and a half later the story suddenly became that a single non-grid laptop had a piece of malware on it and that the laptop was not connected to the utility grid in any way.
However, it was not until almost a full hour after the utility’s official press release (at around 10:30PM EST) that the Post finally updated its article, changing the headline to the more muted “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say” and changed the body of the article to note “Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities.” Yet, other parts of the article, including a later sentence claiming that multiple computers at the utility had been breached, remained intact.
“One driving force of fake news is that as much of 60% of the links shared on social media are shared based on the title alone, with the sharer not actually reading the article itself. Thus, the title assigned to an article becomes the story itself and the Post’s incorrect title meant that the story that spread virally through the national echo chamber was that the Russians had hacked into the US power grid.”
The following morning, nearly 11 hours after changing the headline and rewriting the article to indicate that the grid itself was never breached and the “hack” was only an isolated laptop with malware, the Post still had not appended any kind of editorial note to indicate that it had significantly changed the focus of the article.
This is significant, as one driving force of fake news is that as much of 60% of the links shared on social media are shared based on the title alone, with the sharer not actually reading the article itself. Thus, the title assigned to an article becomes the story itself and the Post’s incorrect title meant that the story that spread virally through the national echo chamber was that the Russians had hacked into the US power grid.
Only after numerous outlets called out the Post’s changes did the newspaper finally append an editorial note at the very bottom of the article more than half a day later saying “An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.”
Yet, even this correction is not a true reflection of public facts as known. The utility indicated only that a laptop was found to contain malware that has previously been associated with Russian hackers. Read the rest of this entry »
…I’m talking about seizing control of industrial control systems. These ubiquitous hidden computers have gradually and quietly been put in charge of all manner of critical infrastructure—including nuclear power plants, the grid, water and gas pipelines, refineries, air traffic control, trains, factories, you name it.
Unlike the computers we use in our daily lives, these computers are largely invisible. They don’t have screens or keyboards. Most people aren’t aware that they exist. And yet they are embedded in low-level processes. They are everywhere because they create tremendous efficiencies and cost savings, and because they exist almost as an afterthought, they are often completely insecure. They often don’t run anti-virus software and by and large no one bothers to scan them to see if they might be infected with malicious software. And guess what? They often are connected to the Internet where a clever hacker half a world away can get access to them!
The threat is not hypothetical. There have been almost 750 control system cyber events (including both malicious and unintentional incidents). They’ve had a global impact. Industries have included power companies, pipelines, dams, planes, and trains. Why hasn’t the public heard about them? Most often because the victims didn’t realize it since they didn’t have the right forensics….(read more)
Leading cybersecurity expert Joseph Weiss writes about how vulnerable America’s computer systems are. He features in the NOVA documentary ‘CyberWar Threat,’ premiering Oct. 14 on PBS.
WASHINGTON – Apple is known for keeping a pretty tight leash on apps, often blocking or refusing to sell programs it deems too offensive or too sexually suggestive.
The creator of an app that tracks published reports of American drone strikes around the world probably figured his program was in no danger of running afoul of Apple’s strict rules.
But this week, Metadata+ was removed from the App Store for having “excessively rude or objectionable content,” reports CNet.
Some of the most popular Chinese apps in Apple’sApp Store were found to be infected with malicious software in what is being described as a first-of-its-kind security breach. Here’s how it happened.
Tom Rogan writes: ‘We have a lot of information about people, and that is something that our adversaries want.”
That’s how Donna Seymour, an Office of Personnel Management (OPM) official recently described the OPM hacking to a reporter for the Washington Post. As we found out yesterday, in April, Chinese hackers intruded OPM networks and potentially acquired the personal information of 4 million U.S. government employees.
“China has exceptionally capable, experienced, and wide-ranging cyber-hacking forces. These units are experts at both physical access and remote penetration of network-security systems.”
So how did this happen? Well, according to an OPM press release, the agency has been upgrading its network security over the past year. That said, yesterday’s press release also notes that it was only after the April hacking that OPM focused on “restricting remote access for network administrators…and deploying anti-malware software” against
programs that might “compromise the network.” In short, OPM hasn’t beenmoving fast enough to prevent hacking.
“In short, everything you would never want your enemy to know about you – from a counterintelligence viewpoint, this breach represents a true nightmare scenario.”
Regardless, it makes sense that China was involved in the intrusion. For a start, China has exceptionally capable, experienced, and wide-ranging cyber-hacking forces. These units are experts at both physical access and remote penetration of network-security systems.
Moreover, China has a penchant for attacking the OPM. In July last year, the New York Times reported on China’s hacking of OPM information on applicants for top-secret security clearances.
That the OPM didn’t urgently upgrade its security after that 2014 incident is inexcusable. We’ve paid the price in our damaged national security. Read the rest of this entry »
Malware trap Brings New Zealand’s Internet to its Knees
AFP – It is believed a handful of computer users clicked links on Friday evening believing they would take them to the illicit images, but instead they inadvertently installed malware triggering a crippling Internet attack.
“For obvious reasons, clicking on links to ‘naked celebrity’ photos, or opening email attachments would be a very bad idea right now, expect criminals to ride this bandwagon immediately.”
It took telecommunications giant Spark, the rebranded Telecom Corp., until Sunday to fully repair what it termed a “dynamic” cyber-attack that overloaded its system covering more than 600,000 customers.
“Our scanning brought to our attention some freshly-concocted schemes targeting those looking for the photos borne from the aforementioned leak.”
Infected computers at work are often the result of top execs watching pornography. Credit: Man using laptop image via Shutterstock
Chad Brooks reports: While employees may get the brunt of the blame for security breaches, company leaders are doing their fair share of damage as well, a new study finds.
Research from ThreatTrack Security revealed that 40 percent of security professionals found that a device used by a member of their company’s senior leadership team had been infected by malware because of a visit to a pornographic website, and nearly 60 percent of the security professionals surveyed have cleaned malware from a device after an executive clicked on a malicious link or was duped by a phishing email.
In addition, 45 percent of respondents said they have found malware on a senior leader’s device because the executive allowed a family member to use it, with one-third of security professionals discovering it on an executive’s mobile devices because they installed a malicious app.
BRYANT JORDAN writes: Getting the military’s cyber forces to focus more on the most serious threats to U.S. national security means getting away from a whack-a-mole-like strategy now used to find and remove malware in the system, officials from Google and Lockheed told a crowd of soldiers Wednesday.
Most of what cyber soldiers deal with is malware living in a system that can be exploited by an enemy, according to Jim Young, U.S. ArmyAccount Executive for Google Enterprise Transformation.
It’s a common problem, but one that should not happen, he said at the last panel session at the Association of the U.S. Army’s annual conference in Washington D.C.
“This notion that persistent malware can stay on your machine should not happen,” he said. “The technology is out there today to erase it, or not make it an attack factor. So I encourage you … to start looking at opportunities that fundamentally change how you probe cyber security. Do not do incremental. It will not get you where you need to be.”
Americans' daily coffee ritual... Come right into our friendly, rhythmic ambiance, It’s an enjoin where you can always explore our breakfast, brunch and coffee selections.