When Spies Hack Journalism
Posted May 12, 2018 4:21 p.m. EDT
WASHINGTON — For decades, leakers of confidential information to the press were a genus that included many species: the government worker infuriated by wrongdoing, the ideologue pushing a particular line, the politico out to savage an opponent. In recent years, technology has helped such leakers operate on a mass scale: Chelsea Manning and the WikiLeaks diplomatic cables, Edward Snowden and the stolen National Security Agency archive, and the still-anonymous source of the Panama Papers.
But now this disparate cast has been joined by a very different sort of large-scale leaker, more stealthy and better funded: the intelligence services of nation states, which hack into troves of documents and then use a proxy to release them. What Russian intelligence did with shocking success to the Democrats in 2016 shows every promise of becoming a common tool of spycraft around the world.
In 2014, North Korea, angry about a movie, hacked Sony and aired thousands of internal emails. Since then, Russia has used the hack-leak method in countries across Europe. The United Arab Emirates and Qatar, Persian Gulf rivals, have accused each other of tit-for-tat hacks, leaks and online sabotage. Other spy services are suspected in additional disclosures, but spies are skilled at hiding their tracks.
“It’s clear that nation states are looking at these mass leaks and seeing how successful they are,” said Matt Tait, a cyber expert at the University of Texas who previously worked at Government Communications Headquarters, the British equivalent of the National Security Agency.
What does this mean for journalism? The old rules say that if news organizations obtain material they deem both authentic and newsworthy, they should run it. But those conventions may set reporters up for spy agencies to manipulate what and when they publish, with an added danger: An archive of genuine material may be seeded with slick forgeries.
This quandary is raised with emotional force by my colleague Amy Chozick in her new book about covering Hillary Clinton. She recounts reading a New York Times story about the Russian hack of the Democrats that said The Times and other outlets, by publishing stories based on the hacked material, became “a de facto instrument of Russian intelligence.” She felt terrible, she reports, because she thought she was guilty as charged.
Others hurried to reassure Chozick that she and hundreds of other reporters who covered the leaked emails were simply doing their jobs. “The primary question a journalist must ask himself is whether or not the information is true and relevant,” wrote Jack Shafer, the media critic for Politico, “and certainly not whether it might make Moscow happy.”
I happened to have written the sentence that distressed Chozick, and I don’t find either her mea culpa or Shafer’s championing of the old rules fully satisfying. For reporters, withholding valuable information from the public is anathema. But in a world in which foreign intelligence services hack, leak and fabricate, journalists will have to use extreme caution and extra transparency.
For the most part, the 2016 stories based on the hacked Democratic emails revealed true and important things, including the party leadership’s hostility to Bernie Sanders’ campaign and the texts of Clinton’s private speeches, which she had refused to release.
The problem was that Russian hackers chose not to deliver to American voters the same inside material from the Trump campaign. The tilt of the coverage was decided in Moscow. By counting on American reporters to follow their usual rules, the Kremlin hacked American journalism.
Yet that sobering experience does not suggest easy remedies. Jack Goldsmith, a former Justice Department official now at Harvard who has written extensively on the press, says he thinks journalists will find it difficult to withhold authentic, compelling material simply because they know or suspect the source is a foreign intelligence service.
“It shouldn’t matter whether the source is the Russians or a disgruntled Hillary Clinton campaign worker,” he argues. “Are you going to exclude the Russians? How about the Brazilians? How about the Israelis? I don’t think it’s sustainable for you to draw those distinctions.”
But David Pozen, a Columbia law professor who carried out a major study about leaks to the American press, says hacking has changed the game by allowing foreign governments to collect confidential information wholesale from American institutions.
“Let’s say Russian intelligence every Monday sends The New York Times a package of great leaks about U.S. politicians,” Pozen said. “Would The Times publish it?”
Publishing leaks provided by foreign spies “legitimizes and incentivizes hacking,” he said. “I think this makes the ethical calculus for journalists much more complex.” Asked if he had any guidelines in mind, Pozen demurred. “I don’t think I have great answers,” he said.
It is tricky enough when the leaked documents are genuine. But the Russians experimented in 2016 with an even more alarming tactic: altering genuine documents and fabricating others, then releasing them with authentic hacked material.
To make a Democratic opposition report on Donald Trump look alluring, Russian operatives added a “Confidential” stamp to its cover before sharing it. Dumping real documents hacked from the Bradley Foundation, based in Milwaukee, the Russians added a forged letter indicating that the foundation had made an illegal $150 million donation to the Clinton campaign.
Fortunately, the forger was ignorant of American politics: The Bradley Foundation is a conservative group that would have no interest in supporting a Democrat, even if it were legal. “It was crazy on its face,” said Rick Graber, the foundation’s president.
More insidious was an episode last year in which hackers, possibly working for Russian or Ukrainian intelligence, released thousands of personal text messages of a daughter of Paul Manafort, Trump’s former campaign manager. The texts appeared to be genuine, and attached to one was a blackmail letter addressed to Manafort, purportedly from a prominent Ukrainian journalist and member of Parliament, Serhiy A. Leshchenko.
Leshchenko insisted that the letter was a fake and shared technical details with The New York Times that strongly supported that conclusion. But his supposed extortion attempt was reported in the United States, Ukraine and Russia, marring his reputation.
Future fabrications will be far more difficult to debunk, including deep fakes, audio and video clips of, say, politicians saying or doing things they never said or did. Intelligence agencies no doubt will be the first to master such tricks.
Amid such diabolical possibilities, journalists will have to tread carefully. They can turn to forensic sleuths to test the authenticity and trace the source of leaked material. They can include, high up in every story, a discussion of the likely source of the material and the source’s probable motive. If a leak appears designed to tilt an election, they can point that out, and report aggressively on the other side to minimize the imbalance.
Despite the hazards, the imperative to publish scoops is likely to prevail. Far from being wary of leaks, most news outlets are inviting them like never before.
In recent years, The Times and many other outlets have added to their webpages a “secure drop” that can offer leakers total anonymity. That may be a crucial attraction for a whistleblower deep inside an American institution, but it will also protect a hacker sitting in Moscow or Beijing. The reporter may never be the wiser.