Media Criticism: The Press Needs to Get Far More Rigorous about Reporting on Cybersecurity

Four days ago, NBC reported, as BREAKING news, that in an exclusive interview, Jeanette Manfra had confirmed that the voter rolls of 21 states were targeted in 2016.

Russians penetrated U.S. voter systems, top U.S. official says

The U.S. official in charge of protecting American elections from hacking says the Russians successfully penetrated the voter registration rolls of several U.S. states prior to the 2016 presidential election.

In an exclusive interview with NBC News, Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, said she couldn’t talk about classified information publicly, but in 2016, “We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated.”

The headline stated and this video (which has been viewed online by 50,000 people) stated explicitly that 21 states were “penetrated.”

I criticized all the breathless retweeting of the report in a subtweet.

Today, DHS did more than subtweet the report and the irresponsible sharing of it. It released a scathing complaint, in Jeanette Manfra’s (the woman NBC interviewed) name, about NBC’s reporting, specifically complaining that NBC reported the number as “breaking” news.

Recent NBC reporting has misrepresented facts and confused the public with regard to Department of Homeland Security and state and local government efforts to combat election hacking. First off, let me be clear: we have no evidence – old or new – that any votes in the 2016 elections were manipulated by Russian hackers. NBC News continues to falsely report my recent comments on attempted election hacking – which clearly mirror my testimony before the Senate Intelligence Committee last summer – as some kind of “breaking news,” incorrectly claiming a shift in the administration’s position on cyber threats. As I said eight months ago, a number of states were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. election infrastructure. In the majority of cases, only preparatory activity like scanning was observed, while in a small number of cases, actors were able to access the system but we have no evidence votes were changed or otherwise impacted.

NBC’s irresponsible reporting, which is being roundly criticized elsewhere in the media and by security experts alike, undermines the ability of the Department of Homeland Security, our partners at the Election Assistance Commission, and state and local officials across the nation to do our incredibly important jobs. While we’ll continue our part to educate NBC and others on the threat, more importantly, the Department of Homeland Security and our state and local partners will continue our mission to secure the nation’s election systems.

To our state and local partners in the election community: there’s no question we’re making real and meaningful progress together. States will do their part in how they responsibly manage and implement secure voting processes. For our part, we’re going to continue to support with risk and vulnerability assessments, offer cyber hygiene scans, provide real-time threat intel feeds, issue security clearances to state officials, partner on incident response planning, and deliver cybersecurity training. The list goes on of how we’re leaning forward and helping our partners in the election community. We will not stop, and will stand by our partners to protect our nation’s election infrastructure and ensure that all Americans can have confidence in our democratic elections.

In response to my observation that NBC should never have presented it as “breaking” news and my subsequent suggestion that it’d be far more useful to educate people about what “compromise” can mean, Ken Dilanian got pissy, suggesting I don’t do reporting.

When I retweeted the video above (h/t K), suggesting maybe Dilanian could educate viewers about what both “compromise” and “penetrate” mean, he responded “Or you could focus on your own reporting.”

Only, we don’t need NBC to do that. We can go back to Manfra’s testimony from June, where she distinguished between “compromise,” unsuccessful compromise,” and “scanning.”

One comprehensive intelligence report published by the Office of Intelligence and Analysis in early October, cataloged suspicious activity we observed on state government networks across the country. This initial look, largely based on suspected malicious tactics and infrastructure, helped inform a body of reporting directly related to election infrastructure. While not a definitive source in identifying individual activity attributed to Russian government cyber actors, it established that Internet-connected election-related networks, including websites, in 21 states were potentially targeted by Russian government cyber actors. Although we’ve refined our understanding of individual targeted networks, supported by classified reporting, the scale and scope noted in that October 2016 report still generally characterizes our observations: a small number of networks were successfully compromised, there were a larger number of states where attempts to compromise networks were unsuccessful, and there were an even greater number of states where only preparatory activity like scanning was observed.

Admittedly, we’d all be better served if Manfra had provided more detail about precisely what these terms mean.

But absent that, the press should be far more cautious reporting on various degrees of hacking, as most people don’t understand the difference between a scan, a compromise, and damage from such compromise.

And lest Dilanian think I wrote this up just to document what a horse’s ass he was in response to well-earned criticism, I should note I’m supposed to be working on this issue in conjunction with a fellowship I’ve got — it turns out I’ve got a meeting this week where this example will come in very handy, thus the value of documenting it.

The explanation for Russia’s 2016 election-related hacking that everyone will agree on is that they did it to sow distrust in democracy. But shitty reporting on attempts to hack our democracy does that just as well.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

31 replies
  1. Rayne says:

    The unmitigated douchebaggery of a paid corporate journalist demanding an independent citizen journalist blogger who relies on piecemeal donations to run this site, do more reporting so they can mooch off it and tweet it.

    I don’t even have words for this kind of hackery. Our democracy is burning down around us and Dilanian, representing the Fourth Estate, is taking pot shots at a citizen whose criticism is accurate?  Jesus Christ, Dilanian, take your lumps like a decent human being and do your fucking job.

    • earlofhuntingdon says:

      There is great utility in being potty-mouthed.  Even the simplest recruit gets the point, or even a reporter, especially the ones who are fair and balanced on screen or in print, and let out their over-competitive rudeness elsewhere, such as when they’ve been scooped or missed happy hour.

      Nicely done, Ms. Wheel.  Next time, buy more bacon: there will always be plenty of turkeys to use it on. :-)

      • Rayne says:

        Men don’t stint when they beat on each others’ poor performance. Locker room talk, so to say. I’m not paid — at all — to make nice with an asshole who disrespects someone who regularly outclasses them with simple logic and a Google search or two.

        Besides, the woman at the helm here is a legendary potty mouth. I’m just trying to hold up my end while she’s being incredibly nice about this.

        • earlofhuntingdon says:

          My criticism was not directed at you or EW.  I find your language funny, direct and informative.

          What I marvel at is Mr. Dilanian’s own goal, scored in his attempt to defend what he must regard as “real” reporters from a DFH blogger.  Is he still playing mop-up for the CIA? With that background, he could work for the NYT or the WaPo, not NBC.

          The CIA’s Mop-Up Man (2014)

          LA Times Disowns Reporter Outed as CIA Collaborator (2014/2017)

          This is a guy who described the brutal indiscriminate car attack on Westminster Bridge and Parliament last spring as “small bore”.   Why he still has the imprimatur of a major news organization at his disposal is anybody’s guess.

  2. SpaceLifeForm says:

    How many retired gop voters with lots of stock are being manipulated ahead of midterms?

    The NBC story also showed DOW down 500 at the time.

    Fox also re-spun the NBC ‘news’.

    http://www.foxnews.com/politics/2018/02/07/top-dhs-official-says-russian-hackers-infiltrated-us-voter-systems-in-2016.amp.html

    [The subtle Message: It’s the ruskies! Your stock is at risk because of the ruskies! Make sure you vote gop because they will protect you and your stock]

    https://m.huffpost.com/us/entry/us_59cd0da3e4b0e005cc57235d/amp

  3. earlofhuntingdon says:

    Ken Dilanian sounds so 20th century.  Real reporters don’t work only for CBS or the NYT any more, assuming they ever did.  After all, the Rocky Mtn News, the Sacramento Bee and the Texas Observer were around then, too, not to mention Izzy Stone and Martha Gellhorn.

    To Marcy’s point, NBC reports, for example, “There is no evidence that any of the registration rolls were altered in any fashion,” according to officials.  If that was meant to assure us, NBC should think again.  NBC might have responded, for example, that there is far more to hacking voting systems – including researching system capabilities and vulnerabilities – than doing a Ferris Bueller by changing days absent from school or a vote tally.

    Perhaps the story NBC might also cover is that President Trump seems to be the only one inside the Beltway who thinks the Russians are simply helping him to be the Greatest President Ever! Or the more scandalous story that their talented Mr. Dilanian thinks that the twitterverse is a criticism-free zone.

  4. Trip says:

    I do not know who this guy is. It seems that he took constructive criticism or critique (a suggestion) as an insult. In his belittlement reply, he made a big announcement that Marcy got under his skin. He’s probably at least a little insecure.

  5. Rapier says:

    “Jump in the trenches”?  They have trenches at 30 Rock? My God, I can only hope Ken doesn’t wear shirts with  epaulettes on the shoulders there.

    OK, that trenches thing wasn’t supposed to be taken literally but it’s still more than a bit thick. As if what Marcy does isn’t reporting. Reporting doesn’t end with new information or facts, it just starts there.

  6. earlofhuntingdon says:

    Attorney General Jeff Sessions seems confused. As C&L’s notes, Sessions recently gave a speech to a national conference of sheriffs. He referred to the great history of the “Anglo-American heritage of law enforcement”.

    The best you could say about Sessions is that he misspoke, and intended to refer to the great heritage of the Anglo-American common law. His reference to “Anglo-American law enforcement”, however, doesn’t elicit images of common law judges limiting monarchical misrule. It elicits images of southern white sheriffs like Bull Connor using police dogs and water hoses to disband civil rights marchers, and images of waterless desert tent jails and documented civil rights abuses committed by former Maricopa County sheriff Joe Arpaio. But Alabama’s former Senator, Jefferson Beauregard Sessions, knows that.

    • earlofhuntingdon says:

      One can only hope that Sessions and Trump are not planning to adopt Philippines dictator Rodrigo Duterte’s response to rebellious women folk.  He’s instructed his security forces not to kill women rebels, but to shoot them in the vagina.  I suppose that eliminates the need to get close enough to grab it, and it’s “more humane” than killing (at least in Duterte’s fevered imagination).

      The valorization of misogyny and sexual violence against women is one of the few international successes of the Trump administration.

    • earlofhuntingdon says:

      As Rayne notes on twitter, the WaPo’s Aaron Blake (“The Fix”) complains today that the left is overreacting to Jeff Sessions’s comment about “Anglo-American law enforcement”.  Another pronouncement about the permitted metes and bounds of public debate from the WaPo.  Mr. Blake, not a lawyer, also contends that to the American legal community, “Sessions’s comments are far from controversial.”  My response is, “What we’ve got here is failure to communicate.”

      Mr. Blake asserts that Mr. Sessions’s comments are no different than Mr. Obama’s, when he talked about the routinely revered traditions of Anglo-American jurisprudence.  He gives three examples.  In all three, Mr. Obama mentions habeas corpus.  He does so when criticizing the Bush/Cheney administration’s prisons in Guantanamo Bay, Cuba, notorious for their abuses both of prisoners and of Anglo-American traditions of justice.

      Known as the Great Writ, habeas corpus is one of the critical foundations of Anglo-American common law and its concept of limited government.  The Writ allows judges to demand that the executive publicly show cause why its arrest and detention of someone is legal.  It is not a favorite topic of sheriffs.

      Understating Jefferson Beauregard Sessions’s “history of racial controversy”, Mr. Blake compares Mr. Obama’s poignant references to habeas corpus to Mr. Sessions’s unplanned reference to the sheriff as, “a critical part of the Anglo American heritage of law enforcement.”

      Historically, the sheriff, or shire reeve, brought the uniformity of the king’s justice to English counties, with their heavily particularized local barons, gentry, customs, and traditions.  It was one of the institutions by which an occupying Norman force consolidated its hold on Anglo-Saxon England.  It did so by adding a layer of monarchical uniformity onto expressions of local Norman power and Anglo-Saxon custom.  Incidentally, in the person of the sheriff, it reinforced the feudal subservience of local barons to their Norman king.  “Justice” still depended heavily on who you were and who you knew, but uniformity was a small advance toward modern conceptions of justice.

      A far more important advance were the king’s judges.  They brought Norman uniformity, wedded to local custom, which the sheriffs and local gentry were responsible for implementing.  But that’s another tale, one I suspect neither Mr. Sessions nor Mr. Blake would wade into before a national conference of American sheriffs.

      • earlofhuntingdon says:

        Obama talked about traditional limits on state power, limits that have been imperfectly reinvented every generation for centuries.

        Sessions, like Trump, with his southern dog whistle politics, talks to sheriffs about taking the gloves off.

  7. DMM says:

    Hahaha, what would Ken Dilanian know about doing any actual investigating and journalism? A poser who let the CIA write his papers for him and is even now too stupid to take correction from the DHS itself.

  8. TomA says:

    It used to be that how you voted was a private matter and could only be ascertained if you chose to tell someone how you voted. Some people prefer maintaining their privacy and others are very open about disclosing how they voted (that’s how polling-based predictions are conducted on the day of the election). Wouldn’t it be a lot simpler, less costly, and more accurate if you could just hack into the polling registers and read the data in real-time? Where there is a will, there’s a way. As long as these poll tallying systems are connected into the internet, they will always be vulnerable to attack, and history clearly teaches that everybody is vulnerable. In a sane world, no polling system would ever be connected into the internet and paper ballots should always be required, either as a primary or secondary record. That no one in DC will fix this problem tells you that cheating is an approved sport in politics.

    • Trip says:

      Agreed. I recall that someone in a position to know also stated (last year) that the intrusions and/or attempts at intrusions happen with great consistency, beyond the last election, and any Russian actors. In other words, a lot of people have breached the systems in a commonplace occurrence. This laissez-faire attitude toward that end is very telling.

      • TomA says:

        Marcy does the heavy lifting on this topic in the blogosphere, and a few politicians like Wyden and Paul have tried to make a difference in the Congress, but the simple truth is that things are getting worse, not better. The technology-driven interconnectivity of modern life has made privacy extinct and the complexity/redundancy of these systems means that loopholes reproduce faster than mitigation controls. We are always chasing our tails when it comes to trying to regain some semblance of order. Chaos is winning.

  9. earlofhuntingdon says:

    Apropos of nothing, this from the Dutch prime minister, who seems to be miles ahead of his American counterpart in all sorts of ways:

    Prime Minister Mark Rutte called both Ireen [Wuest] and Marrit [Leenstra] to congratulate them on their [gold and bronze Olympic] medals. “Fantastic achievements!” he wrote on Twitter.

    The Dutch to date have won ten Olympic medals.  Mr. Trump, who spends more time watching television than the average American teenager spends daydreaming about sex, must have missed the Olympic medals won by the American team.  He hasn’t tweeted a thing about them.

    • harpie says:

      Huh…I read something else about Prime Minister Mark Rutte today, from AFP The Hague Bureau Chief Jo Biddle [This was a series of tweets, not a thread]:

      Dutch FM  @HalbeZijlstra has resigned after lying about attending a meeting with Putin, just hours before he was due to fly to Moscow on official visit / PM @MinPres now coming under fire in Dutch parliament because he was informed by Zijlstra on Jan 29 that he had lied about Putin meeting. First major political crisis of 4-month-old Rutte II cabinet / In a surprise, Dutch MPs now voting on a motion of no-confidence brought by @geertwilderspvv against @MinPres after Zijlstra’s resignation / [email protected] survives no-confidence vote with 101 Dutch MPs against to only 43 in favour

  10. JacobLadder says:

    So typical of left-leaning corporate media and their breathless pushing of the Russiagate narrative. You should asked Dilanian if he could provide YOU with the long list of Russia stories that have had to be either corrected or retracted in the last twelve months.

    • bmaz says:

      And you are so typical of the worthless trolls that have lately appeared to screw with this site. Who is paying you to come inject this horse manure?

Comments are closed.