How CNBC got burned by a nonexistent ‘cyberattack’

Two weeks ago, CNBC aired a story and published a detailed article about what it called an “audacious,” “brazen,” sophisticated” and “unprecedented” cyberattack against a big hedge fund.

A company called BAE Systems Applied Intelligence said it had identified the attack, but declined to name the hedge fund involved. 

CNBC correspondent Eamon Javers wrote the lengthy look at the incident and also appeared on air in a more than two-minute segment.

Maybe you can guess what happened next: Yesterday, Javers wrote a follow-up article to note that BAE subsequently admitted that the attack on the hedge fund never really happened. It was part of a “scenario” the company had laid out. From the company statement given to Javers:

“From the extensive amount of cyber incidents we deal with, we occasionally produce anonymized illustrative scenarios to help inform industry and the media. We now understand that we recently provided CNBC with an example referencing a hedge fund and incorrectly presented it as an actual BAE Systems Applied Intelligence client case study rather than an illustrative scenario.

“Although the example was a plausible scenario, we believe that it does not relate to a specific company client,” the spokesperson added. “We sincerely apologize for this inaccuracy. We are taking the necessary action to ensure this type of error does not occur again.”

Most sources are prone to spin or errors of omission, rather than outright misrepresentations. But it happens. Along with outing the source as untrustworthy, it also tars the reporter and outlet who didn’t properly confirm the story before running with it.

In this case, a PR firm representing BAE, a publicly traded company, pitched the story. Javers then had a company executive walk him though the incident in an interview and on air. (The company says the executive, Paul Henninger, is now “taking some time away from the business.”)

Javer’s follow up piece presses the company on how this happened and also notes that “On that day the story was posted on CNBC.com, BAE stock went up 1.6 percent with trading volume higher than usual.” (A report by a Forbes staffer says that “BAE Systems stock dropped 1.8% between closing on July 1 and July 2, the day this updated story broke.”)

The company told him it waited so long to rectify the mistake because it “had attempted to get more information on the incident and ‘it took some time’ to conclude it had never happened.”

Obviously, the company and its executive get a black eye for this. But what about Javers?

His article about the attack included this line, “The details of the attack were provided by BAE Systems and were not independently verifiable by CNBC.”

If it can’t be verified, then maybe it doesn’t warrant a full segment and feature article?

Also notable is that the disclosure doesn’t appear until roughly 800 words into the online story. At that point, the reader has been given ample quotes and other details that treat the attack as real. The broadcast segment, however, doesn’t include any disclosures about CNBC’s inability to confirm the information it was relaying.

The story is also positioned online and on air as an exclusive for CNBC, flagging it as important for the reader/viewer. The opening paragraph of the story uses the phrase “CNBC has learned” and the TV report begins with Javers saying that experts at “BAE Systems … tell CNBC exclusively”:

I give Javers some credit for writing a follow up article. He also went on the air with the updated information. (I’ve emailed him for comment about the incident and will update if I hear back.)

My experience is that many news organizations would have just added an editor’s note to the offending online piece, rather than do a new article.

There is indeed an editor’s note at the top of the original, incorrect article. It links to the follow up piece. But I find the note too thin on details. People shouldn’t have to click through to be told that the hacking attack at the centre of the article never really happened. That should be stated up front.

The note:

Editor’s Note: BAE Systems admitted that it “incorrectly presented” the facts and circumstances it supplied in this report after its publication. Please see this follow-up report. 

Notice anything else missing? It doesn’t include any apology or expression of regret for CNBC’s role in the debacle. Nor does the follow-up article.

We have made it easy to comment on posts, however we require civility and encourage full names to that end (first initial, last name is OK). Please read our guidelines here before commenting.

  • The_Truth_Seeker(TM)

    Sorry, may have been somewhere else on Poynter

  • The_Truth_Seeker(TM)

    What happened to my comment?

  • virginiacferguson

    my classmate’s aunt makes $68 every hour on the
    computer . She has been fired for 7 months but last month her paycheck was
    $15495 just working on the computer for a few hours. visit the site R­e­x­1­0­.­C­O­M­

  • mariajlandreth

    my classmate’s aunt makes $68 every hour on the
    computer . She has been fired for 7 months but last month her paycheck was
    $15495 just working on the computer for a few hours. visit the site R­e­x­1­0­.­C­O­M­