As a journalist who for almost ten years has sought to explain complex computer security topics to a broad audience, it’s sometimes difficult to be picky when major news publications over-hype an important security story or screw up tiny details: For one thing, Internet security so seldom receives more than surface treatment in the media that the increased attention to the issue often seems to excuse the breathlessness with which news organizations cover what may seem like breaking, exclusive stories.
The trouble with that line of thinking is that an over-hyped story tends to lack important context that helps frame the piece in ways that make it more relevant, timely, and actionable, as opposed to just sensational.
I say this because several major media outlets, including The Washington Post and the Wall Street Journal, on Thursday ran somewhat uncritical stories about a discovery by NetWitness, a security firm in Northern Virginia that has spent some time detailing the breadth of infections by a single botnet made up of PCs infected with ZeuS, a password stealing Trojan that lets criminals control the systems from afar. NetWitness found that this particular variant of the botnet, which it dubbed “Kneber,” had invaded more than 2,500 corporations and 75,000 computers worldwide.
The Post’s headline: More than 75,000 Computer Systems Hacked in one of the Largest Cyber Attacks, Security Firm Says.
From the WSJ: Broad New Hacking Attack Detected: Global Offensive Snagged Corporate, Personal Data at Nearly 2,500 Companies: Operation is Still Running.
Yahoo!’s coverage tells us, Scary Global Hacking Offensive Finally Outed.
After a day of dodging countless PR people pitching their experts to pile on to the story, I finally resolved to add my two cents when I heard this gem from the PBS Newshour with Jim Lehrer: “A major new case of computer hacking has been uncovered. A virus known as botnet invaded the computers and used them to steal data from commercial and government systems. Among other things, the hackers have gained access to e-mail systems and online banking.”