How should journalists deal with reporting cyber attacks?

15.00 centro Servizi Alessi Scrivere di incidenti informatici_Photo Danila D'Amico (10)

Cyber war and hacking are impacting on and changing our news agenda, as well as increasing the need to journalists to have a working knowledge of the web and an understanding of the motives or hackers and cyber criminals. Hermes Center co-founders Claudio Agosti and Davide Del Vecchio joined Effecinque co-founder and journalist Carola Frediani and UNICRI project officer Francesca Bosco to talk about reporting on cyber war – and what the journalists need to know.

Journalists have been guilty of not being altogether accurate, or objective, in their reportage of cyberattacks and cyberwar. Some of this is due to the fact that these subjects can be outside the technical knowledge of the writers – as Claudio Agosti said, “it is now clear that the journalists who have to write an article on such a topic, lack the technological know-how and also lack the context”. Many journalists still don’t know much about how the web – and hacking – work, on a technical level but also within the culture of online and hackers communities.

This leaves them ill-equipped to properly judge the importance (or unimportance) of cyber attacks, and less likely to have the knowledge to speculate on the motive and origination of the attack.


The Scenario:

Agosti and Davide Del Vecchio lay out a scenario for the panel – a situation for them to discuss what they would do, either as journalists or as web professionals.

The scenario is “a typical one of denial of service. This is the case when somebody has attacked a service or a website.” Someone sitting in a monitoring room at a popular website will notice a graph go red. This is a graph that monitors incoming traffic to the website – this traffic is being constantly monitored and analysed to develop a baseline. The baseline is a judge of the average amount and type of traffic the website receives, based on context from all the analysed data.

“When an attack occurs the type of traffic changes…and an alarm is triggered.” Someone must then analyse that alarm and find out its case.

It may be the case that the alarm is a false positive – say a ticket site had just released the first 10,000 early tickets to see a very popular band. The rush of traffic to the site could certainly trigger the alarm.

“In other cases the traffic is actually disrupted due to an attack.” These attacks are relatively common, they “don’t need high level specialist skills” to perform and they tend to knock out a website for a few hours.


How should journalists react?

According to Carola Frediani, in a scenario like this one “the starting point is this: attacks like denial of service are very common…and relatively easy to perform. You need to understand whether it is an attack that’s important from a journalist’s point of view.”

This means thinking about factors like who is being attacked, whether the attack will have a remarkable impact or not, and whether or not the website is actually down. Common hacking attacks don’t get the visibility they used to – maybe because people have become accustomed to them. We understand now that hacking is a part of using the Internet, we’ve kind of gotten used to it.

But if you do decide the attack has significant, and if you do choose to write story about it, there are more things to be considered. The first question to ask is why this attack is taking place. “These attacks have often been used by activists, for their highly demonstrative value”, noted Frediani, “it’s similar to a non-authorised rally in the street – this is the meaning to their attacks.” This ‘hackitvism’, as it’s sometimes known, is often linked to groups like Anonymous, who sometimes target government websites for protest reasons.

Other than activism, attacks could be carried out for “revenge reasons, blackmail, to steal data…” We know there are criminal groups who hack sites for personal gain – normally through stealing valuable data or finding sensitive information that can be used to blackmail or extort people or organisations. Or it might just be a hacker testing his skills or “just having fun”. Whatever the reason, trying to figure it out and understanding – and not wrongfully attributing actions to terrorists or wider agendas – is a key role of any journalist writing about cyber attacks.

“You have to be careful about the narrative you give your news”, said Carola, you have figure out how significant what’s happened is. What is means, why it’s happened, how it will affect the public and “you also need to place these attacks in an international context.”

What about more severe attacks? These can come from multiple computers scattered across the world that don’t necessarily need a connection between them. As sure, these attacks are very hard to source and very hard to know the motivations behind.

It could also be possible that the person carrying out the attack is being paid by someone without the hacking skill to execute it themselves. Hacks like this can be rented online for a little as $30-$70.

In some ways cyber attacks are much smaller and more commonplace than the average reader realises. But there is also much more to them, particularly to the motivations behind them, than is often being reported accurately. Journalists need to move away from shock-value headlines using catch-all words like “cyberwar” and “cyberterrorism” to properly consider each example they are writing and look at them from all angles.

Above all, in this era of the Internet, reporters have a responsibility to understand and be aware of both the technical and contextual aspects of hacking and cyber attacks.