Forbes Takes on AntiOnline

infojack writes to us with the the word that Forbes is running a story on AntiOnline. It's a op-ed piece by Adam Penenberg, talking about the creds of John Vranesevich and some of the PacketStorm flap. What I found most interesting was the outright recognition of how the media operates with "experts", and reporters use of the same people over and over.

Defense of the Media

[Skyshadow]

Hey, you gotta be fair. Usually, a reputation is all you have to go on as a member of the media.

Really, you've got to take what people tell you and try to disseminate it into an article about a field you're usually not an expert in. It's not as easy as it looks, but when the editor says "hop" you'd better already know how high.

Contrary to popular /.'er belief, the media (even Jesse Berst) isn't out to distort facts or intentionally get things wrong. It's just a matter of not getting good enough quality information from sources.

If someone can talk to the media and make themselves understood (and seem to know of whence they speak), they're a good source until proven otherwise.

That said, I'm glad that egomaniac JP is getting his at long last -- that Packet Storm thing POed me something royal.

----

Adam Penenburg seems to be cool

[Paul+Crowley]

Do a Google search on Adam Penenburg; find his email address and write to him to congratulate him on this article, before going on to read some of his other stuff, including an enlightenting mea culpa on being taken in by bogus hackers himself, echoing Mike@ABC's comments: writing accurate hacker stories is hard. Sadly, staying credulous makes your stories sound better ("hackers hold up banks with crypto") and no-one seems to notice the difference. Thanks for trying to stay honest.
--

Right on, Forbes, but why did this take so long?

[D-Fly]

It's surprising how long it took for the print media to catch on to the fact that Antionline is full of it.

Once Vranisevich got himself quoted in the New York Times, all the rest of us media people saw him every time we ran a Nexis-Lexis (newspaper database) search on a tech issue. Since the New York Times is the PAPER OF RECORD, and never gets anything wrong, Vranisevich was now a Trusted Source.

But as anyone who reads their weekly Circuits section knows, the Times is no expert on tech issues. They get things wrong all the time--mostly little details that don't seem so important unless you are a rarefied expert in the field, but they do get them wrong.

And they, and the Washington Post, and a few others, really misjudged little Jon Vranisevich.

What is odd is that so few tech reporters seem to really follow the online scene closely. Antionline has been dismissed as a fraud by the hacker/security community at large at least since last year (lots of others thought he was full of it before that, I am sure, and yet the mainstream press kept quoting him.

Forbes has probably done us all a huge service here. Even if the NYT/WashPost/WSJ don't pay attention to Attrition/L0pht/Slashdot enough (yet), they do read Forbes.

I beg to differ.

[D-Fly]

As a newspaper reporter for a huge regional newspaper (Philadelphia Inquirer) that is a subsidiary of a gigantic mega-corporation (Knight Ridder), I respectfully submit that the media can often be characterized as a lumbering homogenous mass of information dissemination.

Because unfortunately, most of the stories your paper runs from outside the local area are probably from one source (the AP collective). And because, like it or not, if the NYT or the WSJ or the Washington Post prints it, most reporters think something is true. And because if a newspaper prints it, the TeeVee drones dutifully put it on the air, minus 99 percent of the content and analysis. And because most of the media (probably including yours) is owned by gigantic evil mega-corporations obsessed with increasing shareholder value at the expense of their viewers'/readers' minds.

More importantly, though, your average local reporter knows a little about a lot, but a lot about only a little, of what she or he covers. That means we rely on experts, and I think too often, we anoint experts without really knowing too much about how much they actually know.

And I think using the Nexis-Lexis database to find experts is just about the WORST thing a reporter can do. Because that leads to the kinds of vicious spirals that turn idiots like Vranesevich into spokesmen for things they know little or nothing about. We should spend a little extra time and find our own experts by researching the field we report on, talking to the relevant players, and figuring out who they respect.

This is an interesting discussion, so don't be offended by my self righteous tone. I sometimes rely on these anointed experts too, but I wish I didn't.

[ps-this was already posted once, but somehow ended up in a completely different article]

They forgot scientific american...

[platypus]

Believe the people from attrition or don't belive them. But here's a text from fyodor, the creator of nmap. He reacts to the publishing of a Carolyn Meinel article in SCIENTIFIC AMERICAN. My god!!!
It's a shame that they didn't react, 2 months later one could read the article in the foreign "brother" newspapers of scientific american. I wrote an angry letter to them, but they insisted mrs. meinel had a good reputation in security circles.
I wonder why I have NEVER seen ANY information of her or her affiliates on bugtrag/ntbugtaq/comp.security.* . Argh, perhaps I'm just to idealistic to think there have to be some journalists who bother to get any information, but this makes me really angry.

Have you ever tried to find a good hacker source?

[gavinhall]

Posted by Mike@ABC:

Before I start, a bit of a mea culpa: I used JP on my site, even did a profile on him back in March or April of '98. And back then, quite frankly, he wasn't a bad source. He had some good stuff, decent contacts, and was still interested in reporting on the hacker scene.

Then, early this year, he re-launched his site and adopted a new editorial policy. And I stopped calling him -- not because of his opinions, because he can do his site however he wants -- but in covering hacking, I need sources that will help me contact and understand the hacking community, not bash it. I want to leave the value judgements to the readers. Thus, I want to have actual hackers as sources, as well as real-world big-time security experts on the other side. Without slamming him one way or another, it's safe to say that JP is neither.

Covering hackers is hard. With a few exceptions, most hackers don't want to be found, and those willing to talk to media usually want a slew of protections. And of course, we in the media have to try to determine whether these folks are bonafide hackers, or just guys who hang out on IRC and play with downloads from last year's B.O. release. It's a tough call, and there are many of us who dropped the ball at one point or another.

As for this column, this was probably the safest way to cover the questions surrounding JP, PacketStorm, and the other controversies. Many journalists have looked into this at one time or another, but there just aren't enough people willing to go on the record to make it a straight news story. But a columnist, as someone writing an opinion piece, has a little more leeway. He must still write factually, but can put forth theories more readily that someone writing straight news stories. I'm glad someone was able to figure out how to report this.

And I wouldn't worry too much about the lawsuits. One could easily argue that by speaking to the media -- indeed, by seeking out news coverage -- JP has made himself into somewhat of a public figure when it comes to the hacking community. If someone slammed JP because of his personal life, then that would be grounds for a suit. But since he's putting himself out there as the expert, questioning that expertise in a public forum is more than appropriate. Of course, I'm not a lawyer...!

That's it. Hope the perspective helps. As usual, this is my opinion, not that of ABCNEWS.com, ABC, Infoseek, Disney, the Mouse, etc., et. al.