What journalists can learn from the faux CNN threat

An increased level of skepticism is necessary when reporting on social media or online forums

While Glenn Greenwald was busy lambasting mainstream news publications for a lack of skepticism in the face of the US government’s claims about who orchestrated the Sony hack, a strange offshoot of the story was playing out within his own publication. A digital security scoop turned viral hit—which was then uncovered as an internet prank—the story is an example of how even careful reporters can get tripped up in the murky realm of hackers and online message boards.

On New Years Eve, Jana Winter of The Intercept reported, “The hackers who infiltrated Sony Pictures Entertainment’s computer servers have threatened to attack an American news media organization.” The source for the story was an FBI memo highlighting messages the Guardians of Peace—the group that has claimed credit for the Sony cyber attack—allegedly posted on December 20 to Pastebin, an anonymous online forum.

The story included no message from Pastebin, and Winter wrote, “No mention of a specific news outlet could be found by The Intercept in any of the GOP postings from that date still available online or quoted in news reports.”

Within a few hours, however, Matthew Keys, writing at The Desk, dug up the Pastebin post in question and identified the “American news media organization” as CNN.

The post was nearly identical to another Pastebin message from the same time period attributed to the Guardians of Peace, which mocked the FBI and which CNN reported in late December. In his article, Keys added the caveat, “It is unclear how the FBI authenticated the messages posted to Pastebin.”

The dual reporting job was quickly picked up and re-hashed by other sites, including Business Insider, the New York Post, TechCrunch, and Drudge Report. As it bounced around the echo chamber of the internet, the refrain of “Sony hackers threaten CNN” drowned out any notes of caution in the original reporting.

Then the story fell apart. By the end of the day, a Tennessee-based freelance writer named David Garrett Jr. came forward on Twitter claiming he had written the Pastebin post as a joke.

Garrett said he’d simply copied the earlier post allegedly from the GOP, replaced all appearances of “FBI” with “CNN” and added the last line—“P.S. You have 24 hours to give us the Wolf.”

Garrett said he had meant to critique CNN’s decision to include the “FBI” Pastebin post in the station’s coverage of the Sony hacks. “No one should use Pastebin as a source. It’s all anonymous,” Garrett said in a phone interview. “I thought it’d be funny if CNN picked [my post] up and reported on it, but ironically they were the only ones that didn’t.”

If Garrett’s story is true (The Desk concluded it probably is. The Intercept did not take a stance, but allowed Garrett to speak as though it were), it’s obvious the media spread false information across the Internet, but not so obvious exactly why or what should have been done differently.

The Intercept’s national security editor, Sharon Weinberger, defended the value of reporting on the FBI bulletin, even without being able to independently verify the Pastebin post or its origin. In an email, she wrote,

I do not think — as the editor — that Jana [Winter] could or should have done anything differently in her original piece. Every new news development affects earlier reporting… That the media threat may have been a prank was only known when the alleged prankster stepped forward. It may not have ever been known had Jana not written that story.

In that sense, perhaps the story represents a type of messy, incremental uncovering of the truth that journalists just need to get used to when reporting on the shady players behind most digital security stories. In a follow-up piece, Winter wrote, “Garrett’s claim—whether true or not—underscores how difficult attribution can be when it comes to online threats. And if, in fact, he was responsible for the CNN threat, his ‘prank’ kicked off an FBI investigation that has been ongoing for weeks.”

But Doug Haddix, the director of the Kiplinger Program, a fellowship that trains journalists in the latest Web-based reporting tools, cautioned against the idea of an FBI investigation into an anonymous online threat as a blanket justification for reporting on it. “That’s almost like police-scanner reporting, where just because law enforcement is looking into something doesn’t mean there’s any validity to it,” Haddix said.

There’s an increased level of skepticism necessary when reporting on social media or online forums, Haddix said. “We always as journalists have dealt with anonymous information, it’s just the technology makes it readily available to anybody in the world with an internet connection. That’s the bigger challenge, I think,” he said.

Both Weinberger and Matthew Keys defended the level of skepticism in the original pieces. “In every report published on The Desk, it was made clear that federal law enforcement had not acknowledged how they authenticated the threats posted online or if they authenticated the threats at all,” wrote Keys in an email.

But compare that to the level of skepticism exhibited by Sam Biddle at Gawker, who picked up the story before Garrett came forward: “…there’s no way to prove that Pastebin items… are actually from the hackers—in fact, there are plenty of reasons to suspect they’re not. The inclusion of a stupid YouTube video and the added ‘P.S. You have 24 hours to give us the Wolf’ strike me as something out of a prank, or a goofy copycat.”

Haddix also cited the strangeness of the post as a red flag. Had The Intercept managed to include it with the original piece, it may have sent reporting in a different, more skeptical direction. Cultivating a B.S. detector finely tuned to the complicated world of online communication would seem to be a reporter’s best defense against jokesters like Garrett.

“Part of it is just understanding the space and the platform and the language. The language that people use on Reddit is different from the language that people use of Facebook,” said Haddix.

Even Garrett thought his joke was a little obvious to have been taken so seriously. “‘P.S. Give us the wolf’—I mean, that’s kind of ridiculous,” he said.

Has America ever needed a media watchdog more than now? Help us by joining CJR today.

Kelly J O'Brien is a freelance journalist based in Boston. Follow him on twitter at @kelly_j_obrien