How many red flags can we count in this Bloomberg BusinessWeek piece on WikiLeaks?
First there’s the headline:
Is Wikileaks Hacking For Secrets?
I, like my colleague Lauren Kirchner, have a real problem with question headlines, which seem to have proliferated in recent years. On the bright side, they’re good leads for critics like us: It’s a sure sign that the reporter can’t answer the question and a possible sign that they shouldn’t have written the piece in the first place. In this case it turns out to be both.
The second red flag is the subhed:
Internet security company Tiversa says WikiLeaks may be exploiting a feature in peer-to-peer file-sharing applications to search for classified data
“Internet security company Tiversa says,” huh? Who the heck is Tiversa? It ain’t exactly McAfee or whatever.
More importantly, an Internet security company has an incentive to pitch stories that make it seem like Internet security is really, really bad. That way you’ll buy their services. Here’s how Tiversa describes what it does:
Tiversa provides P2P Intelligence and Security services to corporations, government agencies and individuals based on patented technologies that can monitor over 500 million users issuing 1.6 billion searches a day.
The third flag is all the weasel words in the key paragraph explaining the “evidence” (emphasis is mine):
Except that WikiLeaks, according to Internet security company Tiversa, appears to have hunted down that military document itself. Tiversa says the group may have exploited a feature of file-sharing applications such as LimeWire and Kazaa that are often used to swap pirated copies of movies and music for free. If, for example, a Pentagon employee were to log on to such a peer-to-peer network (an array of disparate computers with no central hub) to download a movie, he could possibly expose every last e-mail and spreadsheet on his PC to prying eyes. That’s because some peer-to-peer, or P2P, applications may scan users’ hard drives for shareable files. Not turning that feature off, or specifying which parts of the hard drive may be searched, leaves the door wide open.
Hmm. So a P2P security company says Wikileaks “appears to have” hacked into military computers and “may have” used P2P to do it. What’s wrong with this picture?
And BBW (the story originally ran at Bloomberg) continues on with its reckless speculation via weasel word:
The possibility that the site is systematically ransacking computers may offer prosecutors an alternate path to get the group and its founder into a U.S. courtroom.
Neatly enough for Tiversa, BizWeek plays along with the cloak and dagger stuff:
To conduct a massive search of networks around the world, huge amounts of computing horsepower and bandwidth are required.
Tiversa has plenty of both. In a secure room at the company’s headquarters in Cranberry Township, Pa., banks of servers create a minute-by-minute map of what is effectively a global treasure trove of secrets. In a brief demonstration of what’s out there for the taking, a Tiversa analyst taps a few keys, and up pops the cell phone number of actress Lucy Liu along with the pseudonym she uses to check into hotels—attached to a production company document clearly labeled “not to be made public.” There are several draft chapters of a book by white supremacist David Duke, as well as a spreadsheet of all the donors to his cause. Assange has told interviewers that his group has damaging information on pharmaceutical, energy, and financial companies; (Tiversa CEO Robert) Boback confirms that confidential corporate documents are readily accessible.
Cut to PR executives high-fiving.
Fourth red flag: It’s essentially a one-source story. Here’s the evidence Bloomberg presents as if it’s fact (you’ll see below that it’s not):
In the missile-range case, Tiversa’s systems noticed unusual activity coming from a cluster of computers in Sweden, where until December WikiLeaks had some of its key servers. The cluster was furiously searching P2P networks around the world. It hit pay dirt in the form of a file blandly labeled BPL_HI.pdf, available for download from a computer in Hawaii. The Swedish computers downloaded the document, and two months later it was posted on WikiLeaks.
Executives at Tiversa, which is hired by governments and corporations to use the same loophole to find exposed documents and figure out who might be accessing them, say the Hawaii incident wasn’t an isolated case. Its technology has detected the mysterious Swedish computers downloading gigabytes of data, much of which soon appeared on WikiLeaks. “WikiLeaks is doing searches themselves on file-sharing networks,” says Robert Boback, Tiversa’s chief executive officer. “It would be highly unlikely that someone else from Sweden is issuing those same types of searches resulting in that same type of information.”
The fifth sorta-kinda red flag (once you’ve seen two or three in one piece, it’s good to start suspecting everything in it) is that two of Tiversa’s advisors have awfully tight ties to the U.S. military and federal government. Wesley Clark, the former NATO commander and four-star general, is an advisor as is Howard Schmidt, who worked for the feds for three decades. Here’s the latter’s bio:
He retired from the White House after 31 years of public service in local and federal government including the Air Force Office of Special Investigations and the FBI National Drug Intelligence Center. He was appointed by President Bush as the Vice Chair of the President’s Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001.
This piece raised questions from Forbes‘s Andy Greenberg, too, and he beat me to it by more than two weeks. It’s some excellent blogging.
Sure enough, Greenberg confirms that Tiversa is working for the U.S. government, which is Wikileak’s sworn enemy, and he blows apart Bloomberg’s piece with this reporting:
In fact, in a phone interview with me today, Boback sounded distinctly less sure of his firm’s deductions than he did in the Bloomberg piece. “What we saw were people who were searching [computers connected to filesharing networks] for .xls, .doc, .pdf, and searching for those generic terms over and over again,” says Boback. “They had multiple Swedish IPs. Can I say that those are WikiLeaks? I can’t. But we can track the downloads of people doing that, and a short time after those files were downloaded, they’re listed on WikiLeaks.”
Boback, who says he’s working with a U.S. government investigation into possible peer-to-peer sources for WikiLeaks, says that he saw downloads of documents that later were posted to WikiLeaks from other countries too, both “in the U.S. and across Europe.” ”Many of the searches are in Sweden, many are outside,” adds Boback. “It’s hard for us to say that any IP address was WikiLeaks.
Ayy.
And then there’s the Occam’s Razor thing, which should have raised some questions from editors somewhere along the way:
Still, WikiLeaks’ latest bombshells, like the military documents and State Department cables allegedly leaked by Bradley Manning and the upcoming list of tax-sheltered Julius Baer clients in Switzerland, seem to have been the product of traditional whistleblowing, not hacking. Part of what has made WikiLeaks so much more effective than traditional hacking efforts, after all, is that whistleblowers with privileged accounts within computer networks are a far more efficient source of embarrassing data than hacking techniques such as random searches of filesharing networks. As Assange reminded me when we spoke in November: “Insiders know where the bodies are.”
The unfortunate bottom line is that it seems the press feels freer to go aggressively after enemies of the state, even if they’re helping it do its job informing the people about what their state is doing in their name.
Would this kind of journalism have passed the smell test if it weren’t about Wikileaks? I highly doubt it.
Bloomberg and BusinessWeek shouldn’t have run with this one. It looks for all the world that they may (to borrow a word) have published a smear.
Ryan Chittum is a former Wall Street Journal reporter, and deputy editor of The Audit, CJR’s business section. If you see notable business journalism, give him a heads-up at rc2538@columbia.edu. Follow him on Twitter at @ryanchittum.