What’s the best way for reporting on hacked and leaked data? In an age of mistrust and misinformation, interpreting data and verifying if it’s real or not is more difficult than ever. During a recent talk at UCL, Micah Lee who works as an information security engineer, software engineer and as an investigative journalist, shared tips and advice on how journalists can make sure that the sources they use are authentic.

Being authentic

Reporting facts accurately should be a core principle of any journalist and therefore authenticating data is hugely important. Micah said that there are several ways to do this. The first is simply to ask someone in the know. If you get a data leak or information from a big institution or from somewhere like Downing Street, then, if it’s real, they might want to confirm it, do damage control, and stay on top of the situation.

Another way that Micah advised to confirm data is by comparing it to other sources. This can be done via open-source intelligence, so this could be looking at public records or scraping information from social media or forums.

There is also the option of checking the Domain Key Identified Mail (DKIM), which is a system used to prevent scammers and phishers from forging mail. If you check the DKIM signature header, this will verify if an email is really sent from the mail server that it claims to be from. 

Micah said that data sets are often leaked by transparency groups like Distributed Denial of Secrets or from Tor onion sites or telegram channels operated by ransomware or hacker groups. While they might make the data publicly available, he advised that it’s still best to check this data is authentic.

He also said that it’s good to be as transparent as possible in your reporting to say how you got the data, especially when information is gathered via these methods as there is no real risk at exposing your sources.

Whistleblowers, hackers and confidential sources

Confidential sources can play a massive role in exposing major news stories, but making sure that you are also protecting them at the same time is equally important. Micah said that when data and information is provided by whistleblowers and hackers, it’s a case of balancing protecting your source and authenticating the data at the same time. He gave the example of a whistleblower sending an internal police document and that this couldn’t just be checked with the police department as it would put the source at risk.

Hackers are less of a worry when it comes to protecting them as a source, Micah explained, due to the fact that they are better at covering their own tracks. However, they are still a confidential source so you should do your best to protect them. 

The issue with hackers that Micah mentioned is that you frequently have no idea who you are talking to, so you don’t know their motivation for providing this information or whether it’s true. He said that it’s quite common for state sponsored hackers to leak data to journalists as a way to try and push their own agenda. This doesn’t make it any less newsworthy, though. Micah said that if you’re unsure about your sources credibility then just mention your skepticism in your reporting.

Protecting yourself from data leaks

While being able to authenticate data is important, Micah also stressed the need to protect your own devices and emails, too. He advised that everyone should use disk encryption on all of their devices, and that they should use a password manager and have good password hygiene. He also said that turning two-factor authentication on can help make things even more secure.

The other recommendation from Micah was to always install updates. That’s due to the fact that computers and devices get hacked through vulnerabilities in their software. He said if the software is up to date then there are a lot less vulnerabilities to expose and it will cost hackers a lot more money to exploit this, compared to something that hasn’t been updated in a year. Installing updates as soon as possible offers more protection.