Why niche media is extremely important

As much as we rely on the New York Times, sometimes they get it wrong. Really, really wrong. 

As our world is increasingly digital, sufficient technology reporting becomes more important. Cyberattacks, hacking, social media and more exert a large influence on our lives. Yet there is still a notable divide between mainstream technology reporting and publications dedicated to the profession. A perfect example of the pitfalls of traditional media is the recent case of the “largest publicly announced DDoS attack” that “jammed the internet.” Except none of this is true. These overblown claims are the result of shoddy reporting by the mainstream media and unfamiliarity with technology and its workings. What follows is a breakdown of what went wrong and how niche media brought the mainstream media back to reality.

The big two start the scare

On March 26, 2013, The New York Times published a story titled “Firm Is Accused of Sending Spam, and Fight Jams Internet.” The story detailed the “squabble” between Spamhaus, a company that identifies spammers, and Cyberbunker, a Dutch Internet hosting company that hosts everything “except child porn and anything related to terrorism.” Spamhaus added Cyberbunker to their blacklist, which email providers use to designate and fight spam. Retaliating, Cyberbunker allegedly initiated a DDoS attack on Spamhaus, who hired Cloudflare, an Internet security company, to help defend them.

The Times reported, “Millions of ordinary Internet users have experienced delays in services or could not reach a particular Web site for a short time” and “millions of ordinary Internet users have experienced delays in services like Netflix.” But there were no sources for these claims. The article carried a quote from the CEO of Cloudflare, who said, “These things are essentially like nuclear bombs… It’s so easy to cause so much damage.” The chief architect at Akamai Technologies, a company whose platform “reaches globally and delivers locally, providing our customers with unmatched reliability, security and visibility into their online business,” said, “It [was] the largest publicly announced DDoS attack in the history of the Internet.” To top it all off, a spokesman for the attackers said, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.”

Around the same time, the BBC published a story detailing the attack titled “Global internet slows after ‘biggest attack in history.’” The story contained details similar to those in the Times story, along with more quotes from the involved parties. The chief executive for Spamhaus, Steve Linford, told the BBC the scale of the attack was unprecedented and that Spamhaus has “been under this cyber-attack for well over a week” and that “this sort of attack would take down pretty much anything else.” Linford continued, “If you aimed this at Downing Street they would be down instantly… They would be completely off the internet.” BBC’s article has somewhat more diversified sources, such as a cybersecurity firm not involved in this attack and a university professor who provided background information. The article ended with Linford saying, “They are targeting every part of the internet infrastructure that they feel can be brought down.”

Most outlandishly, Cloudflare, the cybersecurity company directly involved in the attacks, published a blog post titled “The DDoS That Almost Broke the Internet.” The post details firsthand accounts of the issue and meticulously shows Cloudflare’s knowledge of the situation. The post even ends with a marketing ploy, saying “At Cloudflare one of our goals is to make DDoS something you only read about in the history books.”

Niche media sets the record straight

Luckily, not much slips past plugged-in technology reporters and commentators. In the following days, the truth surfaced about the attack, albeit a much less exciting one. The Guardian, which has a quality technology section, identified the first problem with these articles. Heather Brooke, who covers online culture and hacking, wrote, “In whose interest is it to hype up the collapse of the Internet from a DDoS attack? Why, the people who provide cyber security services of course. And looking at the reporting, almost all the sources are directly involved and have a vested interest.”

She is correct. Every quote in this piece, and likely most of the background information, came from someone who had a stake in the issue. Spamhaus needed to defend their reputation as a spam-fighter; they had to look strong. Cyberbunker wanted to get off the blacklist so they spoke dramatically of the situation. Spamhaus was paying Cloudflare to ward off the attack, so acting like a strong and powerful company behooved Cloudflare, since the better cybersecurity companies look, the more clients they get. The same applies for the cybersecurity company not involved in the attack that was named in the BBC article. Juxtaposing quotes from a few people involved is simply shoddy reporting, if reporting at all.

Next, Sam Biddle, of the tech blog Gizmodo, asked himself a few questions about this alleged internet breakdown:

“Why wasn’t my internet slow? Why didn’t anyone notice this over the course of the past week, when it began? Why isn’t anyone without a financial stake in the attack saying the attack was this much of a disaster? Why haven’t there been any reports of Netflix outages, as the New York Times and BBC reported? Why do firms that do nothing but monitor the health of the web, like Internet Traffic Report, show zero evidence of this Dutch conflict spilling over into our online backyards?”

These are important—and very basic—questions that the Times and BBC never thought to ask.

But the last question is the most important. The Internet Traffic Report, the speedometer for the Internet, showed absolutely no evidence of an attack. If the reporters from the Times and BBC had the domain knowledge, they would have immediately been skeptical of these outlandish claims because there was no evidence of them. But because they did not, they essentially reported on the score of a basketball game without ever checking the score.

Techworld, another niche technology website, checked with Keynote Systems, which monitors websites globally for performance. The senior market manager at Keynote, Aaron Rudger, compared their performance data from Western Europe—where the alleged attack took place—to US data and found no performance changes or discrepancies between the two. Keynote Systems has no stake in the issue, since they monitor websites, regardless of their levels of traffic, and play no role in fending off cyberattacks.

Gizmodo’s Biddle also tackled Cloudflare’s over-the-top blog post, which he said was “like Pfizer telling you how horrible various diseases are, and how well their pills work against them.” With Cloudflare having a massive stake in the issue, the post obviously reinforced how profoundly they handled the attack. They were very proud that their “network held up under such a massive attack” and they are “working with our peers and partners to ensure that the Internet overall can stand up to the threats it faces.” To not identify this post as propaganda is incoherent journalism.

Biddle then contacted Tier 1 operators who maintain the underlying infrastructure of the Internet. They replied “I side with you questioning if it shook the global internet” and “While it may have severely affected the websites it was targeted at, the global Internet as a whole was not impacted by this localized incident.” If the underlying Internet architecture was unharmed, the attack clearly did not break the Internet. Finally, Biddle checked Amazon’s cloud hosting servers—where many large sites such as Reddit, Quora and Foursquare host their infrastructure—which also reported zero outages.

On April 26th, a survey of Times reporter Nicole Perlroth’s recent articles revealed six corrections in her last ten articles, which is not a great track record. Even more surprising, Perlroth covers the cybersecurity and hacking beat for the Times, so her unfamiliarity with the basic workings of the sector is surprising. John Markoff, who co-wrote the Times article, is a senior technology reporter for the paper. A survey of his most recent articles during the same time revealed five corrections in the last ten stories for which he received a byline. A survey of BBC reporter Dave Lee’s articles revealed no corrections in his last ten articles. However, BBC’s corrections system is antiquated and confusing, so the number of Lee’s corrections may be incorrect.

The mainstream responds

Looking like amateur journalists, the mainstream media started to backtrack. The Times added three corrections to their original article in the following days. Most importantly, they retracted their comment about Netflix becoming inaccessible, saying, “Netflix is not available to customers in Germany and Asia, where the attack had its greatest impact; therefore it was not the case that ‘millions of ordinary Internet users have experienced delays in services like Netflix.’” This correction is quite telling, especially of the sloppy reporting. Since Netflix isn’t even available where the attack took place, there was no way Netflix could be broken. Yet the rest of the Times article still stands and BBC did not issue a single correction to their equally flawed piece.