
How to Report on a Hack Without Becoming a Puppet


Speech transcript
deserve the right and the and that is the point that he was a plot to the
and UDP to build it back object the chew on you with
my esteemed colleague Joseph quote to as the title for the English motherboard channels and covering a cybersecurity
some dark and stuff like a topic and has seen a lot of data just as been reporting step 4 or 5 years now arm and to my left is Thomas Rid and Professor Institute studies at King's College London and actually you you studied in Berlin and some fit your a and political scientist also historian on but also the story and this information information campaigns active measures but you have also been digging through quite recent stuff and researching recent data breaches so really at the intersection of what we will be touching on today which is politics and computational technologies data breaches and and uh the way we're going to do it is and I and funding moderating this and the editor-in-chief of the German Mother wants side and we have an hour and approximately it'll be 30 minutes of talking and then we hope to open up to you and then of course we will also be talking about some of colleagues possibly talking about how hacking might influence the upcoming election campaign of howard action might not arms found and I want to stop before we dive into the serpent more current affairs if things and I want to start talking about how hacking stuff is reported out and me and Joseph talked about this before the sexually quite a bit of stuff that the public doesn't get to see how that much and doesn't get to hear that much of parts of the stories that also for the public doesn't get too much about so that we can start talking about on what this is the 1st thing you do when a hacker approaches you are offering data when you find out there is data someone to to reported possibly yeah so I mean it will start with uh all technology journalists will most probably should have an encrypted means of communication we use make public uh you have that then whenever you're online a hacker and uh will just send you a message most the time of silicon the anonymous because they all criminal leaving if some doing is highlighting corruption
malpractice whatever might be that'll send you a message may chapter for a bit and then they'll probably offer you some dates um and that could be anything from I mean the scale of the
Panama papers uh down to something uh maybe like a surveillance company was hacked or something like that and the e-mails and contracts muscles saying uh the vast majority of least in my experience will be e-mails and passwords some crappy porn website the type brother security angle hacked uh delisted send you the data and you'll figure out a way to transfer that information while protecting the privacy of of the victims of the had
uh again if it's a old website a dating website you probably most certainly want to um protect the privacy and
integrity of that data once you've actually obtained that's um it really depends on what the actual data contains if it is just login details for a website you may go and try to create an account on the site and then you can't because I e-mail addresses already registered by gives you could I did that um that data actually loans that website and even this early on you have to be incredibly sceptical uh and aware of potential fates um I mean I guess like a properly quantifiable something like 35 40 % of the data dumps I receive are wrong all uh they actually come from a different website or the hacker is bullshitting and just try to get their of the underground street cred were the right so you have to assume if the data is state until you have actually have managed to verify someone goes aware the very 1st important step in which is
verification against uncanny can you go a bit into detail how you verify data yes so as I
mentioned if it's just e-mail addresses you figure that out uh and then it may just be
a simple as contacting victims of the data breach a lot of the time people quite happy you've told because presumably they don't know and the victim company doesn't lighter so you'll actually helping them by forming them you write or a nice friendly um not scary e-mails saying hey sorry every possible this information to the diamond interacting with um and yeah a lot of the time that the other times they will get very scared justifiably and maybe inform the company might leisure jeopardize all this is that the company knows before you ready for them to be where the advent of vast majority of the time people never apply um which is fine so there's a lot of luck in data breach verification this this you come contact the victims maybe it's more of a contractual data you maybe try to cross reference it without public information um maybe there is a contract between the um hacks bank and a insurance provider which is a real case loss and release of investments and the answer that gonna just jump in and there to make a bit more
concrete could you and give an example maybe talking about the recent FlexiSpy story and I went about contacting
victims like ha ha ha you go about that yeah and and maybe we should also mention that FlexiSpy is a spy developer primarily marketing its tools as a cheap way off on surveilling some targets which they claim that this would be used in legal cases which we actually found on a lot of cases it's some ex-partners cheating on each other yeah espouses began and so Max addresses confocal FlexiSpy Thailand it will
sell anybody who wants it a piece of software to install on your phone or targets very quick intercept phone calls e-mails text messages
photos remotely switch on the microphone uh remotely switch on the camera and this is the tale of the government's all some sort of surveillance contractors for anybody to buy 250 dollars ironically they were hacked and we were sent several gigabytes of data including the customer lists uh so that's where verification comes in we contacted these people saying Hey sorry what did you use such by um thing considering that what they're actually doing is really a legal system a US law um people did replies so yes that is my day so yes some a customer and yes I used it to spy on my wife how many will be replying but this descendant of 10 20 knows maybe 150 factors by customers I go about 4 responses so it's means the not yet
Germans genomes were but more than happy to talk I not like a thousand 300 and I got like 50 replies there were just it proportions uh yeah it's the same believed that rich people aren't keen to
chat necessarily um I was surprised by how many people to talk about year and some OK so I'll
talk about verification and what this and the next step
then of maybe just because you mentioned the sex of the 4 street credits of what do some
uncleanable should you and you verify and people still you uh deliver NodeJS cut of contact is going you try not to be rude but I say that they see
semi is knowledge of some or and you try to present a more information
because maybe I was wrong maybe I screwed verification somehow uh but then usually when you confront them they're just stop blind to because I realize I think all um the yeah you said go back and he tries get more information from the source that just in case you are all but the most the time when you use when you verify the data which is not legitimate you typically right so you have a data breach now have the data you
verify that that's correct have that in situations where you haven't run a story there or what is the judgment then to to on to you when 1 was correct so so have a correct set of data on
what what's the judgment now the most effective yeah I mean we we get a lot the gaming companies like forums so I don't know nobody warcraft something like that right like a free version and comparatively accounts and we verified that real but in the end we didn't run a piece because the system as miscellaneous website I mean even though we're talking about this enormous treating it like it's this whole anything so you know only the 21st century or something it at the end of the day is just like water if something isn't any good story or of enough interest of readers with when I run it has a reserve on OK so so we use that mostly the
echoes and you are in contact with what that remain anonymous obviously an insulating so in like under an extreme 188 so Nx importance that will be a condition which is also a classical journalistic tactic against the on maybe on the maybe to talk what are you are you go about that I mean more often than not it doesn't really
matter where the data came from at least from talking about erary general a website was hacked retaining website was hacked whatever like it will come from data traders all or maybe a data collector there are people who just collect e-mails and passwords because they wanted their personal use or it might be the hackers well um in those cases it doesn't really matter was you contributions to crazy hackers 69 out of whether US include down on us to the ways that it changes when the you're dealing with
something that's political significance or much greater public interest such as the flight to spy stuff all the DNC hacks uh and then obviously the French e-mailed them as well but it really depends on the story rather than the source of his me and then that comes in like besides my case let's let's talk about the NCX let's let's remember that story for a minute
and because and and I want to bring you in this world this because I know I you that has been a case where you dug deep into into data and actually look at conditions on can you tell us of why use started that and then how how you went about that why there was interesting and important for you to do a traditional
what have had to just a makes a very important distinction here that he's at the leaks that Joseph was describing where you have customer information sometimes login information sometimes including interest in the credit card numbers in some cases and the interesting thing there is that people have an account at Ashley Madison that's the story
itself but what you don't often have in these kinds of links is the actual content of e-mails or of file-sharing sites or something like that so it's it's very superficially in terms of its its content but then of course the political leaks and that came to prominence in many last year in the American election where individuals
e-mail accounts were hacked including and all information downloaded gigabytes of information downloaded and then made publicly accessible that of course makes it
interesting because you can look at John Podesta as risotto recipe other information which is really the public concluded that it was the
can and some pockets of you written peaceful for motherboard engaged in research into this when you collected evidence and you try to contribute from what sort of many balancing act was that there and why did you remain cautious and when did you feel comfortable calling stuff out to heavily that is clearly put out there for political effect and in the case of an election campaign we saw that just on friday evening with the mark on the homicide in 2016 with the he teaches separately it's roughly 80 separately that were related to the American comparing election campaign is something that like that happens and of
course the question of attribution which as we just pointed out is in Seoul interesting necessarily if you look at a large data set their credentials dump the attribution question becomes very important because who is trying to achieve a political effect the and then of course the next question is how do you achieve attribution but you what you do and that's what I think what I've been going what would you do what did you do in that case and well if you have a major
breach comes of the network in the case of the Democratic National Committee which is essentially the party the Democratic Party it's like here in the diamond contexts as if the Christian Democratic Party headquarters would get half of what they call the SPD something that had an action that network breach somebody broke into the network like breaking into a building and then they needed to move around in the network and take the information out and just like in the physical library if somebody breaks into a building you need tools to get into you need you know you would need sort of like a vessel to carry stuff out and then you would need a car to drive away you have the equivalence of these things are in in a digital environment as well so you can look at similarities where was that exact tool used in which uh the battery was the same tool used so we found for instance that the same tool that was used to hack the time the tool that was used to have the B and the and the impact of the German parliament the Bundestag is the same I am come under control IP address this is the equivalent of a getaway car in a battery if you like in order to exit content and that is then a meaningful forensic link between the 2 and maybe let's talk about the actor in the cases of tampering with the in the US forces so because what's the what's the use of the 2 there have been several interviews and people speculating about his identity or the or the identity of the that that group around why would it be important in that case who the is and and
to to talk to more then I mean in my case for the DNC at this character on Twitter call themselves to 2 . 0 and so was a Romanian hacker protect various some US systems politicians and he was trying to give the on the
Romanian market to find the DNC because that corrupt or whatever maybe that for solid felt pretty quickly when our colleague of Lorenzo try to speak to him in Romanian we guy just was clearly using Google Translate uh doing all the salsa mannerisms that we have an matches the Romanian um but the reason why um batch additional sources important because used use of 32 just dump the e-mails and I was it was actively going to journalists say from the hell out which is kind of conservative uh website and a hey is something you like is something you readers will like you should have cover this all the go to political and try to push the same thing so this souls clearly has a motivation not just behind dumping uh the or rethink hiking the 1st place but pushing a certain media agenda uh and edge became increasingly important in salience as the campaign went on it wasn't the normal data breach so saying it's actually important to to point out of some of if a hacker has a political agenda it's something that should be included in articles and publications or uh this is a publication alright as well just uses the data done and done of the stuff in the data and what point is that important to include just wasn't going back to become the title that we gave the session here I mean in some cases and I'd probably say in the DNC factor in the highly likelihood blue is Russia is actually more important bosomy e-mails like John Podestà's result a recipe or something maybe that would or should I care about who leader data was much more important than the actual information itself uh as might mention this analytical have proposed hack without becoming a puppet and maybe unwittingly or maybe because to be honest they just didn't care plenty of members of the US media but did become
puppets like before but the Russian retrieved despite its reporting on the documents accuse those feeding them
and is going along with that uh and no always pointing out that find way this is likely a Russian operation um I mean even if you're not going to do a piece just by itself saying hey the Russians of doing this you may want to include the released you sentences that by the way this probably came from the Russians if you actually evidence to back up because I mean ultimately we're trying to make readers more informed and if you missing that context I superficial asking you probably do actually a disservice to reader antigens more world but maybe if I can of and some historical uh comparison to to that which was have just sent to look at
disinformation campaigns during the cold war and there were many ever literally thousands of disinformation campaigns during the cold war I make a 1 example in the late 19 fifties 50 from between 50 7 and a 16 the KGB with sometimes with a bit of help from they just as he uh wrote this was doing a campaign of hate mail against French officials in the in the eyes of slow and region which is was formerly part of Germany and so they tried to fan the
flames of neo-Nazi anti-Semitism in that region through letter writing campaigns threat that us and in that context even assassinated 1 no 1 person which is quite an extraordinary thing to do but if you look at this this this information campaign historical
it was very labor intensive they really had to sit down and write a proper letter to think about what they would write 1st make it look credible and I'll write it with a typewriter that is not suspicious you organize the mailing across the i'm cotton that kind of thing today so basically you can say that this information in the sixties fifties sixties and later was part is you really have to invest Hard handiwork to make it happen and the successful today it's more industrial in the sense that you can hack information at scale put it into the public domain and then the journalists of the actual victim countries will create the value of of the disinformation campaign that's completely new um sigh saying
that I hacking as part of the electoral process and election campaigns is likely not going to go away all of this is that going to go away is becoming more and we know we don't mostly don't know where we don't know it's so far
and we've seen in a number of campaigns like India and DNC and wider hacks in the United States it's a very easy thing to pull off it's not a difficult operation to do because people always make miss some people always make mistakes so you will get through in the case of some accounts and it will be possible to exploit that information and but it's early days we don't know it's much going to be much harder and Germany and think to exploit the the political situation in Berlin Germany uh come September because we've 2016 already happened yeah we having this this discussion today because we understand there is a real problem all realize there is a real prob problem on Friday the French are understood the problem so I think it's it's more difficult to do this again because we are not thankfully that's that's what McCorduck situation
late Friday night and would you would you agree that the different reporting was also in part because of the French media will watching the the deities situation that the Inc the deity from all as that only to do with the media of the blackout that is supposed 48 hours for that yeah good there's a few things about listed there on Friday uh somebody posted onto Pastebin and the Internet Archive I think a selection of by males of links to the e-mails of stolen from the Macron campaign uh whereas US journalists uh was the DNC hack just jumped amazing also start reporting things uh the timing of the dump came just an hour I think about the full French media were banned from reporting anything substantial about presidential candidate do have a limited pouring flat reason um imperceptible to answer
questions yeah I think that so this is the 1st of the French media must be following the DNC in a single philosophy that uh and then there was a the French paper Le Monde
posted and updated in several of the article saying that we may report on these e-mails if there's something interesting in them if there's real scandal but we are not going to have the right to the schedule off an anonymous hacker so they went out of their way to actually say we are not going to be of a puppet so whoever is behind this e-mail dump so fast that clearly suggests lessons learned from the here but just just just to point out something to make this a little more
human I mean maybe there are some people in the room of people who have worked on a campaign on the political campaign or have done some sort of activism it doesn't have to be on a political campaign of spoken
with a few people on the podestà excuse me on the Clinton campaign just after the uh access to the leaks came out and this was really personal for them because every single day for the entire month of October single and unique came out and the contained in the leaks contain personal information about relationships within the campaign sometimes private information you have people be that their children threatened and sometimes harassed so it really wasn't an emotional dream on just work so people have to check the WikiLeaks you know instead of actually getting their work done because of course people talk about this kind of thing with them so why we shouldn't underestimate the emotional impact of like this hitting hitting the public domain anything that's again were the
things journalists need to bear in mind when actually reported the text what you me that is just as important as what you actually include I mean during the the Sony hat and will be mailed stumped aligned uh musty whose school or gizmodo sorry Quik-Comm remember that someone reported that a certain celebrity dies that pubic hair or something completely private that newspaper just shouldn't be running any when you get this e-mail dump you don't so we have an obligation to report every single little nuggets he get since traffic to your website you still have to go through the public actually to know this and that balance between public interest and invasion of privacy is even more intense when gigabytes of information don't always anyone to look further and because anybody can look through it is not just professional journalists all training journalists members of the public all security researchers who may not subscribed from to the same so the values you do balancing the privacy of public interest so we can really affect a private individuals so but let me ask you something in
both of you with about journalists the question so I'm currently doing a lot of this terrorist historical research into this
information and in the early 19 seventies the Stasi here in Berlin actually intercepted a phone call between then helmet Helmut Kohl and and 1 of his son the CDU officials got even call it became a scandal stars the intercept this phone call come off last is an American intelligence operation and give it to a that a German magazine called dashed no yeah it was pretty clear that something was wrong with this guy there was an American intelligence unique or stars intelligence leak dashed very clearly understood at the time what would you have done you have published knowing that this is an intelligence operation hold you not Georgia has it I can go
around well I would look at the information obviously 1st and try to verify arm and then tried to evaluate what the public interest is arm and if it turned out to be of
public interest and to also if it turned out that there is no 1 of personal intimate
data affected only told told in the story that should be set up and make sure that that was rejected on and then run with the story but I think also include the knowledge as Joseph said before that that story is just as important as the original situation between and and could be become from the stuff they discussed so I would have also include everything that we know and maybe it's only when grown if that allegedly supposedly in intelligence complained but even that's on as all investigate more and then only publish when you know of what you can say about that that the way that information was produced or was sent to him yeah I'm largely the same if a going on the premise that the intercepted communications of public interest um your going to publish it probably regardless of whether you know it came from intelligence operational not the same in the public interest you don't knows from Intel operation yeah fine go ahead and uh climate occurrence if you do have that suspicion yeah you probably would include about import it wouldn't stop publication and I think that's what we've learned DOC leads that even if you do hedges say yes and this is like the Russian
campaign that doesn't mean gender a going to and they should be so while we're not going to win not publishes information there is still stuff in the public interest to much of what is in the
public interest in looking at the chemical
leaks on hold that story and develop all what what what stories would you guys find interesting to see you read what what leads to useful now I mean it's apparently not what's actually in the males because it just looks like a by got
really the most interesting thing we came out was a clearly fake invoices that from some of the can campaign buying methamphetamine and thought well that was obviously completely fabricated so that's the most interesting thing in the modem the modem isn't story right that's why this is happening so on thing here as we mentioned earlier there you Reese well 20 research groups and taking into this I'm afraid the the release more information about who was behind this attack and maybe the reason why the intermolecular on a broader public interest level isn't just about journalists it's more about OK we're seeing a pattern here and now we can plan and reacts full when it could well happen with the Germans or even in the UK snap election that's i'm just being called so that's probably immigration public interest that people are actually learning from the operation and what about the interesting more or
some of the kind of strange sounds story and is told in that tweet that went viral that the
recall election campaign actually outsmarted hackers some someone and that so the the exact wording there but it was something along the lines so the McCall campaign found out that that's what what that that imply found out they were being attacked or coefficient and starting with that with that realization they they couldn't fake documents by themselves to and yes temple with the release of new what what do you make of that and I mean so you this tweets uh which has been pre-treated
maybe 8 thousand by thousand times now I was saying overlook Macron campaign have released fake
information to full 1st of all where they actually fake information themselves as the baseball anymore reporting the WikiLeaks them even publish the states I mean there is very little that WikiLeaks has been instrumental lies as a state weapon but in this case it was and doing tweets I that gain traction women with the chance to respond and all this stuff which just gives ammunition um to the dogmatic critics who will never accept that evidence is Russia whatever it may be but so that sort of thing is just as bad as so-called taking needs when the pool falsely accused WikiLeaks of doing something bad as well absolutely I couldn't agree
more with a I find it quite disturbing to see how quickly these if a story like like the current the Macaulay story about company
shows up and that's very significant media interest in it and people jump to conclusions extremely quickly they don't look at the technical details don't look at the technically available forensic evidence for the absence of that and just run with an argument that confirms their beliefs and that is certainly a trend that we see on social media especially on Twitter and I'm afraid that Twitter is not doing very much to give us tools to get that under control let's let's magnitude to
record up to continental so not to to the audience and let's talk about a 1 1 last an ongoing hacking story and the US shadow brokers who come and talk about how these a lot of these stories gain traction and the cycle that they go through which is the interest that community and so I think it's something that is important to talk about arms and maybe you can
explain it from here on what the set of books actually is in the top but or letters latest release on the motherboard actually we
ourselves also relied on on these researchers that have to have any wrecked stories you ran wrong stories and we got up the uh social approaches is a
group they call themselves hackers but we we don't really know what they are they've repeatedly released
tools from the NSA so the Anastase actual toolkit for breaking into Windows systems extract data whatever may be I'm in a recent 1 uh with a selection of very high value that exploits specifically for Windows and Flemish alebrijes group tweets without um this material it is you just send it to a journalist do it's out in the open it specifically sent the data publicly on Twitter to cybersecurity researcher who has been digging through the previously to clearly whoever's leaking these hacking tools sigh they're paying attention and they're giving the legitimacy by verifying the data is real that's exactly what I need go out and we'd be reporting on us the intercept and database that every 1 of the following the story pretty closely except in this instance with Windows ones a few researchers that they were 0 days which to keep it short is a more valuable so that exploit because of Microsoft doesn't know about it's the conflicts that was wrong uh we will the headlines there's the days the intercept varies of people do we have to correct uh of stories everybody screw that 1 up um and then we take place for a myriad of mistakes but also shows that dynamically journalists have with cybersecurity community because we call we can't work now when we don't understand it so we rely on people to do that uh sometimes we get out wrong as well you will not novel researchers like it's
known and it also goes to show how complex the matters and again all courses have to be when you jump to conclusions like it's hard to it but I mean I would just like to do is make a very short observation
minimum intelligence time and that's what I teach at King's College London and in technical terms I think what we saw in the shed broken system some high-tech spy shit happening in real time and what I mean by that is that is residents history for that for for for that kind of event so for instance in the late in
the early 19 sixties the KGB got their hands on highly classified uh US and military documents including nuclear departing guests they took these lists fast it was highly valuable intelligence in the early sixties but after a few years the are at this particular piece of intelligence had lost its value because the Americans also knew that compromise then they flip the switch and started to use it as what's cultural in the in the in the in the trade meaning they would publish this information to make it public in order to embarrass the Americans and the did this for years they didn't dominated in in the in the UK I lot so I think what we're looking at here which other me be the 21st century equivalent of us making intelligence that is actually not and that's valuable anymore as we know because many of these vulnerabilities have been patched making it public in order to create an embarrassment effect about and have disability we said we
may also expect it was Russia behind which other brokers I mean that's probably a fair assumption but nobody should be writing an article the shadow brokers are Russian because we don't have the forensics evidence to back up a part which is different to the the DNC case where we said do have strong evidence and just to close and the final observation historically speaking yet attribution sometimes is very difficult we have many cases of historical misattribution of operations uh the ECA historically tended to overestimate stars if for some reason and thought study was behind more intimate operations that it actually was but an important is often you need the defector somebody to come out and write his memoirs and mention specific operations in their memoirs in order to have certainty and we don't have today so I fully expect so as to remain in this disgrace space in this and that certain space for a long time in some cases In let's open up to the US to the audience and I and I guess we'll have a microphone going around so if you want to come up with questions from please raise your hand and wait 1 2nd to get a microphone in only 2 seconds as it's being cats from from the back home the frontier and thanks laughter talk about this because I have a question with regard to this leads us curious what you can when you think back in time how
would you covered a story differently so knowing how the story developed over time what parts of the coverage from a journalistic perspective would you change this I think it's no use for the
except obviously an exceptional case because he made the decision themselves to not remain there remain anonymous so presumably because that would leave open plenty interpretations of all this the Russian all-pole the Chinese Hackman whatever may be that he went out and said this is what I'm really saying this is in the public interest and the clearly was an absolutely right but it's a start hard to kind lots of that because the decision was wasn't up to the genesis of the way because that came out of themselves and of course I mean the Guardian have exclusive uh at giving right and everyone else just have to follow but that's saying that as the stadium coverage is carried on uh um and drag down to the people have certainly I would say what's interest and maybe the wider public as it is good that whenever there is a story based documents reminded this table whistleblower and not some third-party after mean having a context uh throughout the coverage is pretty important things I think that's the 1 thing before for your question I'm I think something that we did not do maybe maybe should have done it to also differentiate between arm hacking leaks and whistle-blowing coming like I guess we hope came through that we don't assume this all to be the same but it's very different situations from memory different evaluations that you have to make so under someone again this is a very exceptional 1 2 to the other ones here in please of sort of my question addresses for Marx and
those of both of you guys have raw worked a lot on tax and material as sources for with stories that came from his result of crime and you know after the cases that we had with Barrett Browning and now than injury Markush I'm facing issues for the interactions with other resources but my question is and you have a in your experience the approach of authorities because of your communication in relation to some degree with resource they have on like some someone but just mutant prime and how much of that is of concern to you as a possibility didn't happen and whether that effects on the way that the conductors reporting more in the region of the information you have been approached by lawful few times are any of
covered the Ashley Madison happens dating sites 2015 the happens and find the factors and then the FBI want to have a phone call answer to Toronto Police uh because it was a Canadian company I took the phone call and they asked for the hacker's e-mail address which a user could to communicate with them and I obviously politely declined them if they want to get that they can get a subpoena them or warrant and even your source is a criminal and has to be a said In all these cases all of us majority they are going to be criminals and in some way or another regardless their source so if it's a hacker a federal agents a paedophile in some of my other stories as well as the source of this uh and if you treat them all with the same respect that and take the security of each one seriously but as everyone else on the considering more I have not been contacted by law enforcement yet many of the stories come in and like I guess and talk to them as well but in the West for any information on the source of what also declined and I want to point out some the German specific situation which is being all of them safe for forcings clogged so there's a family prosecution of the supreme Jensen for important offices good but there is a pretty terrible or being tested the code that you know I am I'm afraid I would know the translation from but on the along a lot of other stuff that covers it basically and could mean that journalists and also on the bloggers which would be people like that's pretty which might for some people be considered bloggers come in in in a court case I can be prosecuted for 4 and passing on information and it it might it's a very it's a very become very formulation but it might come from include that of for example that I want to have something to Joseph and I could be prosecuted for doubling of i which can lead to women have history as I'm afraid I'm sorry I don't know the exact number but it's it's a very high number so some of what we have seen in a case
where that has used on that's a pretty new law and we'll see how it will develop but I'm just on a more broader scale I think we have to come remained very alert to on any legalization of being passed on the web insulin regulation in general that might temple with a journalist possibility to communicate with sources on the internet by just to like it's more practical advice uh whenever you communicating with a hacking source um you can get quite friendly with and you talk a lot and typically is the 2 o'clock in the morning or whatever cause that's when people chat um but you have to always make sure to remain in the journalistic role um I mean you would never ever tell them all during this company can maybe go find this specific information so that because in Europe and accomplice and you'll you would you could be criminally prosecuted for that I mean you can only ever ask them to keep the data if they have already retrieved um and then of course always act under the assumption that you if will only cryptic chat just assume the federal force official is going to see that at some point because time and time again we see will have to support all topic drug dealers accord someone only verandas loading the conversation maybe they want to test can get leverage over someone else so link to the deal or maybe just media that they left uh looking on the Pidgin client whether maybe but always assume the whatever you're doing is going to become public and always stick um when the law and maybe a heck of a figure of a fucking that for doing that like nor a cool ever you have to do it because you could have cases like Sarah Brown what do arguably may be gone over to close with the community use covering maybe that's why card lets how it will assume an high and this is kind of a follow-up question or comment about them is their maybe
you remember it I think last year and and I'm in your colleague at King's College and who is also director of the International Center for the Study of radicalization I think they have been made to the not being just contact that friendly by the security authorities but they've been right that that they think they and took away a computer hardware because they were doing research on foreign fighters away in contact with them and they think the UK authorities has the law which allotted to the security authorities stopped due to take this this computers so maybe this is that this is a comparable case so maybe you can comment on this if you have any details them I'd rather
not comment on that case also because they're not familiar with the precise details but I wasn't in that research group on at all and but just as a broader comment when the in just a few weeks ago the US government announced they would prosper profit will consider prosecuting WikiLeaks this is an interesting moment of truth because a lot of journalists who also who may politically disagree with WikiLeaks completely came forward in support of WikiLeaks and said no this is this is not acceptable and we we should treat them you know as a journalist I because if we don't then when entering the slippery slope and open the floodgates to forms of censorship and and prosecution that we come to regret I think this is an interesting aspects to watch for them for the for the future so the
next question we have yeah and then I guess I guess this is the follow-up to the question that was not about talking to so since we
have this on you if you have a duty of care to which sources of the beyond the anonymous say if somebody's going have be a especially if you might feel they have with proven they seem to be quite young woman might might not understand the ramifications of actions to get the feel to say a little kid getting some serious trouble going to mean that the loss of the sources
the line of this with even though the optimal muscle synonymous but it it can become apparent that they're very down maybe later when they're arrested as well and I personally try to that um step or a fine line between uh reporting working on material with them and helping them but that being said um if someone is clearly young hacker approaches me and they clearly not use to I'm talking to a journalist I'm not just gonna go policies Great and promote they say Omnitel look before we chat if you want you off the record this is how it works this have background works in the cell on the radical of works so they don't accidently say something is totally incriminating and then it's on the website and they get dying I don't feel like that's the crossing a line and you would do the same maybe if you were talking to a source of the process mainly and they were activists of particularly politically sensitive protest and you might wanna have an off-the-record conversation but they've never double the media's they don't really understand how that works before we do the same thing there's and would to a young hacker but then maybe when it comes to trying to put them on the right path or something like that personally and this is like also uh so it's not science but it is very difficult remedied by 1st we would wouldn't say hey you maybe you should be using the skills good whatever maybe because I don't think that is my role but to say that in I read friend we felt so if you have find again so I I think it can you think it can be a bit strange way when you when you realize that the person on the other hand is maybe not realizing what they're doing on and I I present tragedy is reserved as possible and I guess I can say it
kind of annoys me as well because it's it's strange situation see someone is apparently doing something they might regret at some point and you right it's like that those situations of situations where you take a lot of time to reply and think about what I would say common here this this can be totally unrelated to story into attribution verification stuff we talked about before but yeah the that's that can be part of the job and I mean it's it's definitely not cut very reserved and and then you did tell hacker all this is more you should be
doing I mean Esprit arrogant to journalists to say that you know you should be doing that because I write it the the right patronizing narrative of the journalists do that quote maybe just as a as a quick comment from the other end uh so to speak oftentimes it's it's the journalist who gets played by the by the source and that can be you know just normal normal politics and can sometimes sometimes in a in a business context it can happen quite easily as well and of course with with intelligence sources it can also happen again can even up to 2 academic uh sometimes you you've noticed them but when it happens but but I think important is not to be naive and and to think that you are a of the objective outsider well understands at all because that's certainly not the case that so many more questions earlier in the year the 1st
I really appreciate that sort of current historical perspective you on his panel and for Thomas argues that we live in this moment right now where
technologically a lot of people I can say either it's completely new and novel and we've never been in a moment like this before or that and this is a we we've done all this or there's all these these things here all these examples that we've lived through the exact like they are today and just from your perspective looking both at today in before you get to pick 1 from each of those that you think you sort of either unique or really notably a lesson here the remembering from with or on either 1 or both of those I would just like to hear take on on the differences you mean I as in like something today that is novel and unique in and world lessons learned from before that we should really remember today yet you based on where we are well I'll I'll bring up a
subject that is certainly controversial and I've tried to do it in an aggressive way also I think Twitter Twitter is shamefully failing as a social media company to meet its political responsibility Twitter and this is new this we haven't seen in the past Twitter is making it much as possible is making it easier today than it was one year ago for disinformation operators to run an effective disinformation campaign and clean up the track that part of the public domain and then just spell it out so that those who are a little more technical understand what I'm talking about in 2016 Twitter changed its API policy which governs the flow of larger volumes of data from Twitter to other companies third-party providers of intelligence products for instance if you run an automated a bot on Twitter right now with you run 50 bots on Twitter which easily can do you can hide them in the noise and then after you run an operation with and you can delete the bots and Twitter is not enforcing across all third-party providers that they will also delete tweets retrospectively in their own databases so you can't even research you know looking back to 2016 how automated accounts abused Twitter as a disinformation platform if you like in the US in general elections in my mind that is absolutely scandalous and it's also new it was so for example to just to just to maybe add why it's important and try to get at that before but I guess that at the time was imported taught about all the responsibilities of the platforms and the surroundings where these stores developed like like the Infosec community and and and the platforms the different platforms that they would use but 1 of the main and stories I guess that was rightfully so in my opinion on and share a lot of people and talked about a lot of people is how at the
heart of crops hand to hand

Metadata

Formal metadata

Title How to Report on a Hack Without Becoming a Puppet
Series title re:publica 2017
Author Hoppenstedt, Max
Rid, Thomas
Cox, Joseph
License CC Attribution - ShareAlike 3.0 Germany:
You may use and modify the work or content for any legal purpose and reproduce, distribute and make it publicly available in unchanged or modified form, provided that you credit the author/rights holder in the manner they have specified and that you pass on the work or content, including in modified form, only under the terms of this license.
DOI 10.5446/32986
Publisher re:publica
Release year 2017
Language English

Content metadata

Subject area Computer Science
Abstract Pretty much every day hackers target websites, databases, and then in some cases, government institutions too. But for journalists, reporting on these incidents can be an ethical minefield. In this panel we look at the specific responsibilities of the media when it comes to reporting on hacked data, and why the guiding principles such as independence, verification, and transparency are more important than ever, especially when it comes to stories with geopolitical significance like the hack of the US Democratic National Committee.
