Video: The Sharyl Attkisson computer hack; Update: At least one expert skeptical

Via Politico, here’s the cell-phone video she took in late 2012 of strange things afoot on her laptop. And this was the least of it. If you haven’t already, read Erik Wemple’s account from a few days ago of Attkisson and a tech-savvy acquaintance finding a mysterious cable attached to her home’s Verizon box after odd things started happening on her home phone too. Verizon told her they didn’t put it there and sent out a technician — on New Year’s Day — to remove it. The technician wanted to take the cable with him but Attkisson made him leave it, so he did — he placed it on top of the home’s A/C unit, where for some reason it sat for days before Attkisson remembered it was there. When she finally went to retrieve it, it was gone. (Why didn’t she take it to a security expert ASAP after the Verizon tech removed it?) With the cable missing, people have been pressing her to produce some hard evidence that any of this stuff really happened the way she said it did. So now she has. Watch below.

Any experts out there want to take a crack at explaining what’s going on here? Looks to me like she has a word document open (part of it appears to be a transcript of Bob Schieffer talking about “Secretary Clinton”) and lines of text are being deleted, seemingly remotely. A cybersecurity firm retained by CBS News last year concluded that her computer was indeed accessed remotely by some unknown party. A source told Attkisson that at least some of the hacking that was done was achieved with spyware that’s proprietary to government agencies. On the other hand, Apple Remote Desktop already allows one Mac user to remotely access other Mac computers on the same network; if a citizen hacker could somehow access her home network, maybe he could have used something like that to screw with Attkisson’s Macbook? I dunno. This is why I’m appealing to techies.

One thing that does seem odd to me, though, is why a hacker would attempt to screw with a document that Attkisson herself has open, all but ensuring that the hack would be detected. Could he not see remotely that she had the document open? If he could (and I assume he could), and if the point of all this was to “exfiltrate” data, why on earth would the hacker blow his own cover with clumsy keystroke deletions inside a word document while the subject of the hack was watching it happen in real time? If this operation was so granular as to involve surreptitiously redacting Attkisson’s own written reports for CBS News before they made it to publication, obviously those redactions should have been made when she wasn’t accessing the document. If anything, what we’re seeing here looks more like a hacker gaslighting her, creeping her out by making sure that she knows they’re inside her machine. Not sure why a government agency would want to do that given the political sensitivity of hacking a reporter’s computer.

Update: Cybersecurity expert Robert Graham hadn’t seen the video yet when he wrote this post but he’s skeptical from what he’s read about her book that she was hacked.

Attkisson quotes one expert as saying intrusions of this caliber are “far beyond the the abilities of even the best nongovernment hackers”, while at the same time quoting another expert saying the “ISP address” is a smoking gun pointing to a government computer.

Both can’t be true. Hiding ones IP address is the first step in any hack. You can’t simultaneously believe that these are the most expert hackers ever for deleting log files, but that they make the rookie mistake of using their own IP address rather than anonymizing it through Tor or a VPN. It’s almost always the other way around: everyone (except those like the Chinese who don’t care) hides their IP address first, and some forget to delete the log files.

Attkisson quotes experts saying non-expert things. Patel’s claims about logfiles and government hackers are false. Don Allison’s claims about IP addresses being a smoking gun is false. It may be that the people she’s quoting aren’t experts, or that her ignorance causes her to misquote them.

Lots more at the link. Note the disclosure at the end of his post too. One obvious question, though: If he’s right, why did the cybersecurity firm hired by CBS last year find that Attkisson’s computer was indeed remotely accessed? A Twitter pal has an interesting theory about that: Maybe it was CBS itself that was snooping on employees. Once Attkisson figured out that someone was watching, they would have had an interest in showing her they were eager to sniff out bad behavior, even if they knew all along who was behaving badly. Hmmmmm.