How many red flags can we count in this Bloomberg BusinessWeek piece on WikiLeaks?

First there’s the headline:

Is Wikileaks Hacking For Secrets?

I, like my colleague Lauren Kirchner, have a real problem with question headlines, which seem to have proliferated in recent years. On the bright side, they’re good leads for critics like us: It’s a sure sign that the reporter can’t answer the question and a possible sign that they shouldn’t have written the piece in the first place. In this case it turns out to be both.

The second red flag is the subhed:

Internet security company Tiversa says WikiLeaks may be exploiting a feature in peer-to-peer file-sharing applications to search for classified data

“Internet security company Tiversa says,” huh? Who the heck is Tiversa? It ain’t exactly McAfee or whatever.

More importantly, an Internet security company has an incentive to pitch stories that make it seem like Internet security is really, really bad. That way you’ll buy their services. Here’s how Tiversa describes what it does:

Tiversa provides P2P Intelligence and Security services to corporations, government agencies and individuals based on patented technologies that can monitor over 500 million users issuing 1.6 billion searches a day.

The third flag is all the weasel words in the key paragraph explaining the “evidence” (emphasis is mine):

Except that WikiLeaks, according to Internet security company Tiversa, appears to have hunted down that military document itself. Tiversa says the group may have exploited a feature of file-sharing applications such as LimeWire and Kazaa that are often used to swap pirated copies of movies and music for free. If, for example, a Pentagon employee were to log on to such a peer-to-peer network (an array of disparate computers with no central hub) to download a movie, he could possibly expose every last e-mail and spreadsheet on his PC to prying eyes. That’s because some peer-to-peer, or P2P, applications may scan users’ hard drives for shareable files. Not turning that feature off, or specifying which parts of the hard drive may be searched, leaves the door wide open.

Hmm. So a P2P security company says Wikileaks “appears to have” hacked into military computers and “may have” used P2P to do it. What’s wrong with this picture?

And BBW (the story originally ran at Bloomberg) continues on with its reckless speculation via weasel word:

The possibility that the site is systematically ransacking computers may offer prosecutors an alternate path to get the group and its founder into a U.S. courtroom.

Neatly enough for Tiversa, BizWeek plays along with the cloak and dagger stuff:

To conduct a massive search of networks around the world, huge amounts of computing horsepower and bandwidth are required.

Tiversa has plenty of both. In a secure room at the company’s headquarters in Cranberry Township, Pa., banks of servers create a minute-by-minute map of what is effectively a global treasure trove of secrets. In a brief demonstration of what’s out there for the taking, a Tiversa analyst taps a few keys, and up pops the cell phone number of actress Lucy Liu along with the pseudonym she uses to check into hotels—attached to a production company document clearly labeled “not to be made public.” There are several draft chapters of a book by white supremacist David Duke, as well as a spreadsheet of all the donors to his cause. Assange has told interviewers that his group has damaging information on pharmaceutical, energy, and financial companies; (Tiversa CEO Robert) Boback confirms that confidential corporate documents are readily accessible.

Cut to PR executives high-fiving.

Fourth red flag: It’s essentially a one-source story. Here’s the evidence Bloomberg presents as if it’s fact (you’ll see below that it’s not):

In the missile-range case, Tiversa’s systems noticed unusual activity coming from a cluster of computers in Sweden, where until December WikiLeaks had some of its key servers. The cluster was furiously searching P2P networks around the world. It hit pay dirt in the form of a file blandly labeled BPL_HI.pdf, available for download from a computer in Hawaii. The Swedish computers downloaded the document, and two months later it was posted on WikiLeaks.

Ryan Chittum is a former Wall Street Journal reporter, and deputy editor of The Audit, CJR's business section. If you see notable business journalism, give him a heads-up at