On Tuesday, it appears that OEN was hacked. An article that was not submitted by an editor, not submitted through the queue and not submitted by a trusted author, was published by someone who signed up the same day. The article reported that a hacker group, Cyberberkut, had hacked the phone of a member of Joe Biden's diplomatic entourage to Ukraine.
The anomaly-- an article published outside the usual routes-- led me to investigate and discover that one of the IP addresses the submitter used was associated with malware-- SQL insertion, spam, even blackmail.
I checked the name of the purported author and found someone in Ukraine with that name. But the photo used in the author ID did not match. I did a reverse image search using tineye.com and there were no other copies anywhere. I hid the article and checked Google Webmaster Tools, which is my first go-to place to check for malware on the site. Our webmaster also checked his tracking system. No malware was detected. I had already removed one image from Reuters because it violated copyrights. Vidya removed another image that had been included and a link, because they are higher risk for SQL insertion of malware.
Because the article reported on the contents of a diplomatic mission, I was concerned that OEN had, without authorization, awareness or intent, published state secrets. That's why I reported the event to the FBI.
The next day, an FBI agent called and asked for a meeting. We met yesterday afternoon. I informed the FBI agent of the research I'd done.
Frankly, I was nervous, wondering if the agent had any other agendas, assuming he'd seen my FBI file.
Just before the meeting I called former CIA clandestine case officer (spy) Robert David Steele, whom I'd met at Hope X-- a conference shown in the Citizen Four movie-- and then interviewed earlier in the fall, to ask him for advice. His advice was simple and helpful-- be completely transparent and write about what happened, including the interview, and let the agent know that while I was a critic of some policies, I was a member of the "loyal opposition" and would never violate basic national security and propriety principles. I followed Robert's advice in my early comments to the FBI.
I went to the Starbucks looking for a Waspy, tall white guy with a suit and overcoat. I've seen enough of them on TV. He didn't quite fit my expectations. I told him I'd just seen Citizen Four. He said he wasn't familiar with it. He actually looked a bit like Snowden, with a partial beard growth, which I told him. "Don't go there," he chuckled. I asked if he'd seen my FBI file. He said he had not.
The discussion was strictly about the event and a bit about OpEdNews. I let him know OEN was the first media org given an award for supporting whistleblowers. He asked for some additional information related to the hack-- IPs of visitors from related IPs, the time of the posting of the article, the time I hid it. I told him I'd check and see, but would only give him very limited information I judged relevant. Overall the meeting was very cordial and seemed to be on the table. I was relieved when it was over and had learned a bit more about how to get information from logs the OEN server has that I didn't know about. Oh-- and I did ask him if he'd be available for an interview on my radio station-- as a cyber-sleuth, I thought it would be interesting and enlightening. He didn't say no, but he said there would be a lot of layers of approval involved. Of course if he was authorized to do it, I'd expect that he'd be well briefed and that it would be used for FBI purposes. Still, I'd be interested.
I can't be 100 percent sure this was a hack, but it is the simplest way to explain what happened. My guess is that Cyberberkut inserted the article because it says negative things about the Ukraine regime and the USA's intentions and lauds Cyberberkut. And OEN has been publishing many articles along the same lines, so they may have felt, given our bottom-up, volunteer-edited content, that it would not have been noticed. Ironically, there's a chance, if the article had been submitted the normal way, it would have been published. In fact, googling the author, it was published by counterpunch.org. They don't have a system where writers can submit directly to the site. They have articles emailed in and then they post them. But because of the unusual circumstances of how it appeared on OEN, my research led me to believe the submitter was not a real person.
We've added a new security element in response to this, which will hopefully prevent it from happening again, though we realize you can never completely protect a site from hackers. Of course, our canary in the coal mine, one of our senior editors, Joan Brunwasser, got bit by this new security measure, so we're fine-tuning it.
Here are my take-aways:
1. We do not tolerate intrusions, however well-intentioned they might be.
2. The FBI will be informed; we will tap FBI resources when we are violated.
3. The FBI in this instance was a pleasure to deal with and easy to deal with. I would do it again.
4. Nothing about this incident reduced our integrity and our commitment to continue being critical of policies and behavior we find abhorrent.