Computerworld - Editor's note: An online story yesterday by Computerworld reporting on terrorist claims of responsibility for having authored the Slammer worm was based on a hoax. The security reporter who wrote the story, Dan Verton, explains in this first-person account how he and others were misled by a U.S. journalist who pretended to be someone named "Abdul Mujahid." The original story has been removed from Computerworld's Web site.
There's an old Italian proverb that says, "Those who sleep with dogs will rise with fleas." That's the situation in which I now find myself.
While catching a few fleas isn't unusual in the murky, dog-eat-dog world of reporting on hackers and terrorists, this hoax is different. Had it been a simple scam, I might be embarrassed. But in this case, the scammer is Brian McWilliams, a former reporter for Newsbytes.com, which is now owned by The Washington Post Co.
For the past 11 months, McWilliams has operated a Web site, www.harkatulmujahideen.org, which once belonged to a real terrorist organization based in Pakistan. It was during legitimate research into pro-terrorist Web sites that I first came across the Harkat-ul-Mujahideen site and McWilliams.
In an elaborate scheme to dupe security companies and journalists, McWilliams acknowledged last night that he purchased the domain name last March and registered it under the name of "Abdul Mujahid of Karachi." He also left a legitimate mirror site in place on a server in Pakistan and by his own admission has been receiving e-mails from people looking to join the actual terrorist group. He then posed as Abdul Mujahid in his communications with people and the news media.
McWilliams' hoax, which he described as an effort to surreptitiously obtain information that he might be able to turn into a good news story, came to my attention after I reported being contacted by Abdul Mujahid. In a series of e-mails spanning several weeks, McWilliams, a.k.a. "Mujahid," claimed responsibility for the Slammer Internet worm late last month. Although my story noted that claims of responsibility for Slammer couldn't be verified, I, along with journalists in India, several computer security firms and even law enforcement experts, didn't see through McWilliams' hoax.
"I worked hard to make the illusion look real," he said in an e-mail to me last night, after the hoax had been exposed. McWilliams also expressed regret for having allowed the hoax to go so far. "But the Internet gives those who want to spread misinformation a big advantage. It's so easy to conceal ... the ownership of a domain."
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
