Can a journalist single-handedly put a dent to a more than a century-old and a very well-respected media organization? On June 29 this year, Reuters’ cyber security affairs journalist, Raphael Satter, published a story for the British wire agency. The idea for the story came from two annual reports published by the British and French cyber security watchdogs in late June – London-based National Cyber Security Centre (NCSC) and French cyber watchdog – ANSSI.
The reports collectively highlighted the growing menace of state-backed hackers targeting the legal sector world over. Lawyers and law firms hold sensitive information related to ongoing court cases, which makes them an attractive target for cyber criminals. The reports guide and advise on dos and don’ts and offer a better understanding of the cyber threats and how to deal with it by building resilience. They also mention China, Russia, Iran and North Korea as leading countries with state-backed hackers wreaking havoc.
How reporting is done
The Register, a popular British technology news website, also took notice of the reports and did a proper journalistic piece on it. It was a professional breakdown of all the important elements in the cyber watchdogs’ analysis and refrained from making unverified assumptions, or even adding external elements to it. The tone, approach and treatment of the story did not leave you with any doubt about its veracity.
Satter’s reporting, on the other hand, makes bold distortions, completely altering the complexion of the story.
A crooked version
The word ‘India’ does not even feature in the two cyber reports. In the French report, India’s role has been mentioned in the form of a Reuters story on India, published a year ago. It was not an independent finding by the cyber watchdog.
Yet, three-fourth of the story is dedicated to portray India as a center for disruptive hackers, a narrative that Satter has been relentlessly lobbying for through his writings. A journalist’s job is to provide information in such a way that people can assess it and then make up their own minds. Unfortunately, such articles seem to deviate from these principles by singling out India as a supposed hub for hackers while disregarding the fact that most disruptive state-backed hacking occurs in other parts of the world. This will only perpetuate harmful stereotypes.
The journalist has, apparently, used the cyber reports as a vehicle to relaunch his anti-India narrative.
Reality check
Far from being a hub for hackers, India was the highest-attacked country by hackers in Asia and the second-most attacked country globally, after the United States, in 2022. The number of cyber-attacks on India increased by 24.3 per cent in 2022.
In 2019, CERT-In, the country’s nodal agency for responding to computer security incidents, handled close to 3,94,499 incidents in total, in which it suggested remedial measures for organisations and shared notes on “cyber threats and vulnerabilities”. In the same year, CERT-In issued 204 security alerts and 38 advisories
Credit: The Print team
Attacks in India have increased significantly and one of the most distinguishing aspects in 2022 was the involvement of state actors, including China and Pakistan. So, it’s not really profit motivation, but an intent to tarnish. The developing country, which is still trying to reach the levels enjoyed by the likes of Russia, China, North Korea, Iran, Taiwan, Germany, Turkey, Romania, contributes a mere 2.5% to global hacking traffic.
Perhaps, Satter is not concerned about these figures and reality that contradicts and challenges his viewpoint. But Reuters should. While a single journalist cannot take an organisation down, it can dimmish Reuters credibility and hard-gained reputation.
Worryingly, this isn’t the first time the Reuters’ journalist has tried to upend reality.
A photo that compromised a life
More often than not, the times when the journalists get something wrong is when they take something from somebody or someplace else without making comprehensive verification.
In early June, 2020, Reuters released an ‘exclusive’ story on how an Indian firm, New Delhi-based BellTrox, spied on over 10,000 email accounts worldwide. The story was mainly reported on by three journalists not based in Delhi – Christopher Bing, Raphael Satter and Jack Stubbs. A fourth journalist in Delhi was credited with giving additional inputs, as well as taking the photo of Sumit Gupta, the man leading BellTrox.
Instead of Sumit Gupta, though, he photographed Arvind Kumar, who runs an herbal medicine business in the same building that BellTrox was allegedly operating from, but not the same office space, as claimed by the writers.
Kumar, when contacted by ThePrint, said he had been bothered by a “foreigner” for his photograph even when he kept insisting that he’s not Sumit. As if this was not bad enough, Satter, Bing and Stubbs did not do any verification and rushed into releasing it. Kumar was even harassed by the police because they thought he really is the hacker convicted in the United States.
I have earlier reported on this at length, after which Reuters’ communication director, Heather Carpenter, reached out to me to make a request for removal of the story. It was quite shocking, considering the wire agency’s respected, professional status. It’s important to stress that as an organisation, Reuters has a lot to be proud of. But it needs to ensure the checks and balance it espouses in its editorial policy is reflected in the reporting by its journalists.
Having a diverse newsroom would help, too, with individuals from various backgrounds, ethnicities, and ideologies, helping provide a broader perspective and reduce the risk of homogenous bias. Having experienced editors to oversee the work of reporters, especially on sensitive topics, will reduce the risk of mistakes and discourage journalists to indulge in propaganda.
But most importantly, organizations with legacy, like Reuters, should have a stringent fact-checking mechanism. Verifying information before publishing is primary, meeting deadlines and ‘breaking’ stories secondary. A lot can be destroyed with a single misrepresentation.