Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat Asia
March 26-29, 2019
Singapore
Black Hat USA
August 3-8, 2019
Las Vegas, NV, USA
Black Hat Europe
December 2-5, 2019
London UK
12/4/2019
03:10 PM
Alex Wawro, Special to Dark Reading
Alex Wawro, Special to Dark Reading
News
100%
0%

Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism

Investigative journalist Geoff White chats about why now is the right time for his Black Hat Europe Briefing on hackers, journalists, and the ethical ramifications of cybersecurity journalism.

Now that major data leaks are a semi-regular occurrence it’s more important than ever for cybersecurity professionals to understand how the media covers them, and there’s no better place to do that than Black Hat Europe in London this week.

In his Black Hat Europe Briefing this afternoon on Hackers, Journalists and the Ethical Swamp investigative journalist Geoff White (who has covered technology for, among others, BBC News, Channel 4 News and Forbes) takes five high-profile hacking incidents and analyzes how they reflect key trends and tactics for working with (and some cases manipulating) the news media.

White chats with us a bit about why now is the right time for a talk like this, and what practical takeaways Black Hat Europe attendees can expect from him at the event.

Alex: Tell us a bit about yourself and your path into security work.

Geoff: I’m an investigative journalist and I’ve covered tech for, among others, BBC News, Channel 4 News and most recently The Times. I started doing security coverage while at Channel 4 News about ten years ago when I (and a lot of other people) started to realize the amount of power the tech companies were wielding, and how swaths of society were becoming increasingly reliant on the industry.

Since then I’ve covered election hacking, the Snowden leaks, Bitcoin fraud, bank hacking and energy sector attacks (I’ve got a book coming out in July next year covering all of this, called Crime Dot Com).

Alex: What inspired you to pitch this talk for Black Hat Europe?

Geoff: As part of my book I wrote a chapter about how “hackers” (in all senses of the word) interact with journalists. It’s an experience I’ve been through a few times, and of course there are many examples of data leakers, whistleblowers and occasionally cyber criminals leaking information to journalists either directly or indirectly.

But it struck me that there’s been a sea-change in tactics and approaches: we’re now at a stage where huge swathes of information can be strategically leaked either directly online or via the media, some sections of which are increasingly struggling for attention and therefore keen to cover the latest leaks regardless of the source.

For those whose information is leaked, the effects can be ruinous. It’s an area fraught with ethical challenges, and I don’t think there’s enough open and honest conversation about it.

Alex: What do you hope Black Hat Europe attendees will get out of attending your talk?

Geoff: I hope the talk will get them thinking about the ethics of data leaking and journalism. At one end of the spectrum there are (as there always have been) cases of anonymous whistleblowers working with diligent journalists to reveal stories of huge public importance. At the other end, there are cyber-criminals strategically and cynically dumping sensitive stolen information to harm a target.

But in between there is a big grey area, and if journalists and ethical data leakers want to get public support for their work, they need to be aware of the pitfalls.

Alex: Can you share a specific example of a leak in the big grey area between "of high public importance" and "weaponized disclosure" that you think was handled poorly, and how you hope it would have been improved based on your learnings?

Geoff: For me the most troubling example was the hacking of Sony Pictures Entertainment in late 2014, which has now been attributed by the US to the North Korean government.

Of course, at the time it was far from clear who was behind it, but nonetheless you had a situation where journalists were being emailed directly with stolen information by unknown sources. They were spoon-fed a series of increasingly damaging leaks that, in hindsight, had been calculated to do maximum damage to the company.

You could argue that it was in the public interest to expose sensitive information about a major media company, but the moral high ground got increasingly hard to occupy as more information emerged about who was behind the hack, and I worry that damages public support for journalism.

Learn more about Geoff’s Briefing (and lots of other interesting cybersecurity content) in the Briefings schedule for Black Hat Europe, which returns to The Excel in London December 2-5, 2019.

For more information on what’s happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17103
PUBLISHED: 2020-01-27
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
CVE-2020-8009
PUBLISHED: 2020-01-27
AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file.
CVE-2019-17100
PUBLISHED: 2020-01-27
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69.
CVE-2019-17102
PUBLISHED: 2020-01-27
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of syst...
CVE-2017-16112
PUBLISHED: 2020-01-27
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2017-15010. Reason: This candidate is a reservation duplicate of CVE-2017-15010. Notes: All CVE users should reference CVE-2017-15010 instead of this candidate. All references and descriptions in this candidate have been removed to preven...