This afternoon, I gave a talk on open data journalism at the Developing the Caribbean Conference at the University of the West Indies, Mona in Jamaica. The diGJamaica liveblog captured the discussion. Video may be available later. For now, my presentation is embedded below, with many links inside of it.
Category Archives: journalism
Hacks at Twitter, New York Times, WSJ and Washington Post highlight need for better security hygiene
Earlier tonight, I received an email I would just as soon not have gotten from Twitter, along with 250,000 Twitter users who had their password reset. Twitter security director Bob Lord explained why I’d received the email on the company blog:
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.”
Mike Isaac has been following the story the hack at Twitter at AllThingsD, if you want the latest news tonight.
After the password reset, I went through revoked Twitter authorization access to a number of unused apps, something I’ve been doing periodically for years now. That habit is among Twitter’s security recommendations.
I’m thinking about other social media accounts now, too. Shortly after Nicole Perloth began covering IT security for the New York Times, she shifted her practices:
“Within weeks, I set up unique, complex passwords for every Web site, enabled two-step authentication for my e-mail accounts, and even covered up my computer’s Web camera with a piece of masking tape — a precaution that invited ridicule from friends and co-workers who suggested it was time to get my head checked.”
She talked to two top-notch security experts and wrote up a useful list of good digital security practices. Unfortunately, it may be that it takes getting hacked and embarrassed (as I was on Twitter, on Christmas Eve a couple years ago) to change what how people approach securing their digital lives.
I don’t recommend that sort of experience to anyone. I was lucky, was tipped nearly right away and was able to quickly get help from the remarkable Del Harvey, head of the Twitter Safety team.
It could have been much, much worse. I’m thinking of Mat Honan, a Wired journalist who experienced an epic hacking that came about through a chain of compromised accounts at Amazon, iTunes, Gmail and Twitter. After a lot of work, Honan managed to recover his data, including some precious pictures of his child. In the wake of the hack, he turned on 2-factor authentication on Google and Facebook, turned off “Find my” Apple device, and set up dedicated, secret accounts for password management. Honan isn’t alone in the tech journalist ranks: he just happens to have a bigger platform than most and was willing to make his own painful experience the subject of an extensive story.
A jarring reality is that even people who are practicing reasonably good security hygiene can and do get p0wned. Unfortunately, the weakest point in many networks are the humans — that’s reportedly how Google ran into trouble, when key employees were “spear phished” during “Operation Aurora,” targeted with social engineering attacks that enabled hackers to access the networks.
The last paragraph of Lord’s post suggests that a similar expertise was at work at Twitter, although he does not specify a source.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
It’s been true for a decade but it’s even clearer in the second month of 2013: practicing basic information security hygiene is now a baseline for anyone else online, particularly those entrusted with handling confidential sources or sensitive information.
Chris Soghoian was clear about the importance of journalists and media companies getting smarter about keeping sources and information safe in 2011. Tonight, I am not sanguine about how much has changed since in the news industry and beyond.
Two days ago, the New York Times disclosed that hackers had infiltrated …the New York Times. The next day, The Wall Street Journal has disclosed similar intrusions. Earlier today, Brian Krebs reported that the Washington Post was broadly infiltrated by Chinese hackers in 2012. The Post confirmed the broad outlines of an attack on its computers.
If you’re a journalist & you’re not using a password manager+unique, long random passwords per website: stop, install and configure one now.
— Christopher Soghoian (@csoghoian) February 2, 2013
If you have a moment this weekend, think through how you’re securing your devices, networks and information. If you use Twitter, visit Twitter.com and update your password. If you haven’t turned on 2-factor authentication for Facebook and Gmail, do so. Update your Web browser and use HTTPS to connect to websites. disable Java in your Web browser. Think through what would happen if you were hacked, in terms of what numbers you would call and where and how your data is backed up. Come up with tough passwords that aren’t easily subject to automated cracking software.
And then hope that researchers figure out a better way to handle authentication for all of the places that require a string of characters we struggle to remember and protect.
“Our hearts are broken today“-President Obama, wiping tears from his eyes this afternoon.
I heard his comments on the radio, driving back to DC. I teared up, too. I’ve been mostly reading and listening today, not writing or reporting. I’m thankful I was not responsible for covering breaking news at a media outlet or on the ground in Connecticut, trying to sift fact from fiction or interview bereaved parents or photograph traumatized children.
I can write now with certainty that 27 people were killed by a gunman in Newtown, Connecticut, including 18 children in an elementary school. It’s one of the worst shootings in our nation’s history.
My Facebook feed is full of people offering prayers, voicing anger and frustration, and, happily sharing pictures of their own children. One of my friends announced the birth of his first child. Amidst grieving, new life and joy.
As the reality of this tragedy settles in, this moment may still be too raw to decide exactly what the way forward should be. In the wake of dozens of mass shootings in the past several years, there’s more interest in doing something to prevent them.
What, exactly, we should do to prevent more mass killings should be up for debate, but losing 18 children like this is unbearable. What science says about gun control and killings is not clear, though the literature should inform the debate.
If today is not the time to have that national conversation, many people would like to know when. A new White House epetition asks the President to set a time and place to debate gun policy. Another asks the White House to immediately address gun control through legislation*. As difficult as it may be to navigate the politics of gun control and the 2nd Amendment, that time may have come. That conversation should be balanced by one about mass shootings and mental illness, which is the other significant factor in these events.
In his remarks this afternoon, laden with the emotion that so many of his fellow citizens were feeling, President Obama said that “…we’re going to have to come together to prevent meaningful action to prevent more tragedies like this, regardless of the politics.”
As a country, we need to be able to have a national conversation about what to do next that does not vilify those on the other side of the debate.
I hope our Congress, our Supreme Court, our President and my fellow citizens are ready to work towards preventing more days like today in the year ahead.
The White House epetition to introduce legislation on gun control gained more than 197,000 signatures since its introduction. It was one of the fastest growing White House epetitions to date. By the end of the weekend, it became the most popular epetition in the nation’s history. (Another epetition subsequently passed it in popularly.)
On the evening of December 20, President Obama responded to 32 different epetitions related to gun violence in a video posted on YouTube. It was the first direct response to a White House epetition by a President of the United States.
Earlier in the day, Vice President Joe Biden held the first meeting of a task force formed by the White House to look for ways to reduce gun violence in schools. On December 21st, the National Rifle Association called for armed guards in schools to deter violence.
I sat down for an interview with the “Don’t Worry About The Government” folks earlier today to talk about government as a platform, open data and more. (Bonus: I’m still sporting my summer beard from Maine.)
The interview request was triggered by my post on whether government innovation can rise above partisan politics. In an ideal world — which we of course do not live in — this presidential election would focus more upon what role government should or should play in our society, at the city, state and federal level, and whether and how we the people should finance it.
Over the last century in the United States, the size of the federal government has grown immensely, from entitlement programs (Medicaid, Medicare, and Social Security) to the immense defense budget. Technology provides new opportunities to both save taxpayers dollars and detect and prevent corruption and fraud, but the larger question of the role government itself should play in society is one that should occupy more of the national conversation, frankly, than Representatives skinny dipping on foreign trips, campaign trail gaffes or the latest celebrity foibles.