This is a live story, with several updates. Please read it all, it takes many turns, and you won’t know what happened unless you do. There are several updates, which are listed at the bottom of this story and are crucial to understanding the context and content of this story.
By now, I’m sure, there are many people who have heard of Christopher Soghoian. Chris is a PhD student at IU, working on a PhD in Informatics, and recently published a PHP-based system that could fake a Northwest Airlines Boarding Page, in an attempt to show how TSA is more “security theatre” than “good security”. It’s no surprise, then, that BoingBoing picked up the ball and ran with it both before and after Soghoian was visited by the FBI and a Congressman had called (wrongfully and idiotically) for his arrest. What’s interesting here, and what’s applicable to our local jurisdiction, is that Brian Krebs, security blogger for the Washington Post picked up the same story, and it reads in similar tone, with similar information.
While I wouldn’t call it “irresponsible journalism,” in the vein of plagiarism, or anything like that, let’s pause for a moment and take a look at Brian Krebs. Back in August, Brian Krebs put out a piece called Hijacking a MacBook in 60 Seconds or Less which, full of Fear, Uncertainty and Doubt, was taken apart handily by Blogger Jon Gruber, including a rehash, or two, or three, in which Krebs’ account is challenged by other writers. Should we be at all surprised if he did take the story from another blogger and repurpose it as his own? Probably not. Hey, those new media bloggers for the Post have to make their shiny nickles somehow, why not do it on the backs of other bloggers?
An Update: After looking at Jardin’s story on BoingBoing, and looking at Krebs’ tale on the Post, I’ve got a major objection here, perhaps someone else can figure this out for me?
The timeline appears odd. BB’s story goes up at 5:30pm on Friday, an hour and forty-five minutes after the form was taken down by the FBI. Krebs wrote in the comments of his post at WaPo: “When I phoned Soghoian Friday evening, he abruptly ended our conversation shortly after it began by saying that two FBI agents were banging on his door asking to speak with him. A short time later, the tool he had posted on his site vanished.” If the timeline holds that the site was offline at 3:45p Eastern Daylight time, how was it that Krebs was still at the site three hours later? That doesn’t fit. The FBI visited Soghoian at 3:45 and the site was taken down around then. If Krebs hears about this at 6:50, calls Soghoian at that instant and only just then is the site taken down, we have a major discrepancy between Krebs’ account and Jardin’s account.
I trust the earlier story. [Further updates cast these stories into interesting light. Read on]
Further Updates Behind the Cut
This post appeared in its original form at DC Metblogs Continue reading →