behind the news

How hacking confusion threatens tech reporters

Barrett Brown's case highlights the need to hire experts to dissect digital scenarios
January 26, 2015

Not everyone agrees on what to call Barrett Brown. He has been dubbed a journalist, a hacktivist, a criminal, and a spokesman for Anonymous. His writing career predates his association with the hacking collective, but he admits to becoming a general advocate for Anonymous and a limited participant in some specific operations.

“All in all, I served a very ambiguous role, just as most of my other positions are ambiguous, as is my status in general,” Brown told a German interviewer. Last week, he was sentenced to 63 months in prison for charges stemming from a 2011 hack of Stratfor, which performs intelligence analysis for governments and private companies.

Regardless of how Brown is ultimately categorized, his case resonated among journalists who felt he was prosecuted for actions vital to reporting on digital security. And the specifics of his case highlight how a limited understanding of hacks and hackers–among judges and prosecutors, but also among major media organizations–endanger tech reporters.

In 2012, the Department of Justice indicted Brown for “traffick[ing] in stolen authentication features” because he posted, in a chat connected to his crowdsourced reporting organization, a link to Stratfor information already available online. Those charges were eventually dropped (Brown pleaded guilty to charges related to threatening an FBI officer and interfering with an investigation), but they played a key role in the prosecution’s attempt to secure a heavier sentence for Brown.

“This meant that Brown could serve more time for this alleged crime, despite not being convicted of it or pleading to it,” writes Quinn Norton in a recent essay on Medium titled, “We Should All Step Back from Security Journalism: I’ll Go First.”

Norton, a long-time hacking journalist who served as a defense witness during Brown’s sentencing hearing, argues his posting of the link was just a basic procedure of digital security research. The court’s inability to understand that convinced Norton she can no longer safely report on digital security.

Sign up for CJR's daily email

“In seeking to punish people who find themselves in receipt of information… with charges as if they’d broken in and gotten the information themselves, the government chills the basic techniques used every day to keep us safer and more informed,” Norton writes.

But frequently it seems judges and government lawyers are not the only ones who suffer from an incomplete understanding of hacking and hackers. The mainstream media, too, struggles to illuminate shady activities online.

“I think [digital security reporting] tends to be sensationalist,” said Bruce Schneier, a cryptographer and computer security evangelist, in a phone interview. “The media just buys these outlandish spy stories.”

For a recent example, consider The Intercept’s takedown of the rush to regurgitate the government’s claim that North Korea was behind the Sony hack, despite reservations from security experts like Schneier. (“The FBI’s evidence is circumstantial and not very convincing,” he wrote in Time.) The Intercept accused many national reporters of being irresponsible and uninformed “stenographers” for the government’s digital security claims.

Then consider how at the same time, the same publication was reporting on an FBI memo authenticating a threat against CNN by the same hacking group, which later turned out to be a joke posted on an anonymous message board. Sorting through cyberspace is hard, especially when reporters don’t have the time or the expertise to pick apart digital nuances.

Barrett Brown certainly didn’t benefit from the mainstream media’s tendency to oversimplify his relationship with Anonymous hackers. In Brown’s first major TV appearance, in 2011, an NBC correspondent introduced him as an “underground commander in a new kind of warfare.”

There is no discussion in NBC’s story of the technical activities behind Anonymous’ hacks, and it is only at three minutes and 25 seconds into a 3:47 piece that we learn, “Brown told us he’s not personally involved in any computer hacking.”

A similar pattern played out in court. Reports from Brown’s first sentencing hearing in December (which dragged on and was thus extended into last week’s hearing) indicate that prosecutors worked hard to undermine any claims that Brown was a journalist, rather than a “malicious hacker,” despite the work he had published in outlets like the Guardian, The Huffington Post, and other publications.

Douglas Lucas, a freelance reporter who covered Brown’s sentencing hearings, was struck by the indifference to technical details in court. He said here was no computer or systems engineer brought to the stand, and little talk of what hyperlinking actually is.

“It was almost like it didn’t matter,” said Lucas in a phone interview. He said the prosecution instead argued by analogy, explaining how laws work “in the real world,” as if Brown’s actions took place somewhere else.

“In general, this is indicative of a huge problem with the judiciary and the Courts,” added Kevin Gallagher, a systems administrator with the Freedom of the Press Foundation and the director of, via email. “They are being flooded with cyber cases involving very technical stuff, and these judges, who are of an older generation, are not able to understand it.”

“Towards a solution, more technical experts are needed, as well as more clerks who have the education or savvy to dissect and explain the claims being made so that the people deciding the cases aren’t doing so with a massive blind spot,” he said.

It’s a solution that would help to do away with the media’s blind spot, as well. Journalists need to be, to use Gallagher’s words, “steeped in the culture” of hacking and hackers to effectively cover digital security stories. Otherwise everything becomes an indistinguishable hive of “scary internet stuff” impenetrable to common understanding.

Compare NBC’s piece on Brown to a D Magazine piece published less than a month later–it spends paragraph after paragraph detailing Brown’s complicated relationship with Anonymous. It also breaks down insider terms like “botnet” and describes in detail how Anonymous’s main weapon, the “Low Orbit Ion Cannon,” was used to attack corporate servers.

Still scary stuff, to be sure, but not impossible to understand. The clearer and calmer we can be about digital security, the less the government can rely on fear and obfuscation when going after people like Barrett Brown. Then, hopefully, journalists like Quinn Norton can get back to work.

Kelly J O'Brien is a freelance journalist based in Boston. Follow him on twitter at @kelly_j_obrien