Computerworld - Editor's note: An online story yesterday by Computerworld reporting on terrorist claims of responsibility for having authored the Slammer worm was based on a hoax. The security reporter who wrote the story, Dan Verton, explains in this first-person account how he and others were misled by a U.S. journalist who pretended to be someone named "Abdul Mujahid." The original story has been removed from Computerworld's Web site.
There's an old Italian proverb that says, "Those who sleep with dogs will rise with fleas." That's the situation in which I now find myself.
While catching a few fleas isn't unusual in the murky, dog-eat-dog world of reporting on hackers and terrorists, this hoax is different. Had it been a simple scam, I might be embarrassed. But in this case, the scammer is Brian McWilliams, a former reporter for Newsbytes.com, which is now owned by The Washington Post Co.
For the past 11 months, McWilliams has operated a Web site, www.harkatulmujahideen.org, which once belonged to a real terrorist organization based in Pakistan. It was during legitimate research into pro-terrorist Web sites that I first came across the Harkat-ul-Mujahideen site and McWilliams.
In an elaborate scheme to dupe security companies and journalists, McWilliams acknowledged last night that he purchased the domain name last March and registered it under the name of "Abdul Mujahid of Karachi." He also left a legitimate mirror site in place on a server in Pakistan and by his own admission has been receiving e-mails from people looking to join the actual terrorist group. He then posed as Abdul Mujahid in his communications with people and the news media.
McWilliams' hoax, which he described as an effort to surreptitiously obtain information that he might be able to turn into a good news story, came to my attention after I reported being contacted by Abdul Mujahid. In a series of e-mails spanning several weeks, McWilliams, a.k.a. "Mujahid," claimed responsibility for the Slammer Internet worm late last month. Although my story noted that claims of responsibility for Slammer couldn't be verified, I, along with journalists in India, several computer security firms and even law enforcement experts, didn't see through McWilliams' hoax.
"I worked hard to make the illusion look real," he said in an e-mail to me last night, after the hoax had been exposed. McWilliams also expressed regret for having allowed the hoax to go so far. "But the Internet gives those who want to spread misinformation a big advantage. It's so easy to conceal ... the ownership of a domain."
McWilliams' efforts misled journalists in a foreign
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- It's not too late...Get Your Mobile Questions Answered Live! How can IT provide seamless and secure mobile communications and collaboration for all? Join this live Webcast as IDG asks an expert panel... All Cybercrime and Hacking White Papers | Webcasts