/ 4 October 2019

The digital breadcrumbs behind the M&G’s censorship attack

Implicated: Njock Ayuk Eyong has lodged a complaint against the M&G with the press ombudsman
Implicated: Njock Ayuk Eyong has lodged a complaint against the M&G with the press ombudsman (Supplied)

 

 

‘Hello? Is that professor James Breiner?”

“Yes.”

“It’s about your blog.”

“Okay.”

He’s curt. It had been more than 30 years since he’d been an award-winning investigative journalist in Ohio in the United States. Since then, he’s been an editor and publisher, before entering the world of academia, including stints at institutions in Mexico and China. These days, he’s teaching digital journalism and economics at the Universidad de Navarra in Pamplona, Spain. He also runs a blog that largely focuses on his thoughts about journalism.

The Mail & Guardian had left messages for Breiner on his cellphone, email addresses and, finally, at his department. Breiner initially seems mildly irritated by our unsolicited, mysterious call.

The professor’s blog posts had shown up on other blogs, but under the name of a different author.

“I guess I should be worried about this but, to be honest, I don’t know why,” Breiner said.

The conversation with the much-travelled professor came about as a result of a story that starts in New Jersey in the United States, tracks through Cameroon, and eventually includes South Sudan and South Africa.

One of the key figures in this is Njock Ayuk Eyong, who at one point acted as an intern for US congressman Donald Payne. A judgment obtained by the M&G from the district court for the District of Columbia shows that Eyong was convicted of fraud for impersonating the US congressman. More recently Eyong, who is a key player in a R14.5-billion oil deal between South Africa and South Sudan, had been accused of money laundering.

Eyong, through his law firm Centurion Law Group, has objected to the M&G’s initial article (Fraudster named in SA’s oil deal, M&G, June 19 to 25), claiming a case of mistaken identity. The dispute is currently before the press ombudsman.

Then, on September 10 the M&G received an urgent email from our website’s hosting service, Linode, informing us that it had received a complaint regarding a copyright infringement. A blogger claimed that the mg.co.za domain had plagiarised one of the blog’s articles about Njock Ajuk Eyong.

Even though the M&G has evidence to the contrary and understands that it is very simple to change the date of an online article, the mg.co.za website was shut down by Linode regardless, and we were forced to remove the offending article. Linode said that it would not reveal internal security mechanisms leading to the decision.

The M&G decided to investigate the matter on our own and follow the digital breadcrumbs.

The invisible ‘Ian Simpson’

Linode, which is headquartered in the US, told the M&G that the country’s Digital Millennium Copyright Act (DMCA) requires each claimant to certify the validity of their complaint.

However, records of Linode’s conversation with the claimant show that only the links of the two conflicting articles were shared, together with paragraph extracts that have allegedly been plagiarised.

Peter Fu, who is Linode’s legal counsel, said that the company is unable to respond to how and if they investigated the complaint as it would “reveal internal security mechanisms and likely cause more instances of ticketing abuse”.

Public interest lawyer Avani Singh said that the DMCA allows internet service providers (ISPs) and web hosting services to avoid liability if they act “expeditiously” in removing content. She explained that this means content can be removed automatically with little consideration for whether the complaint is valid.

When asked how many websites Linode has taken down, Fu said that Linode has “filtered about 1 000 host machines” due to DMCA claims this year alone.

“In practice, the opportunity to challenge this [complaint] only arises once the content has already been removed. Commentators [Emily Asp from the University of Iowa College of Law] have described the DMCA as ‘one of the biggest threats to free speech online’, because the ‘notice and take-down scheme’ fails to provide affected websites with due process before the content is removed,” Singh said.

“This forced acquiescence — often in the face of a threat that one’s website will be taken down completely if the content is not removed — and the administrative burden of having to file a counter-notice to justify the content, risks impeding both free speech and procedural fairness.”

One study, titled Notice and Takedown in Everyday Practice, published by researchers from Berkeley Law at the University of California in 2016 found that 72% of takedown requests analysed presented questions about their validity. “These notices often targeted social media, blogs and personal websites, raising even greater questions about their effect on expression,” the research paper stated.

Singh added that matters are further complicated for non-US entities that have to deal with transnational jurisdiction should they choose to challenge the ISP in court.

The ticket lodged with Linode also included the alleged name of the complainant: “Ian Simpson”. Other information provided to Linode included the complainant’s alleged email address, physical address and a contact number.

A former M&G employee in New York verified that the address does not exist. Google Maps and other mapping services also show that there are no records of a street called Hilltop Haven Drive in New Jersey. Similarly, the contact number of the complainant provided is out of service. The M&G tried to verify the validity of the email address to no avail.

“Simpson”, which we believe to be a pseudonym, was the author of World Wide News Blogspot. Public records of business owners in the US show that there is no one by that name living in the state of New York.

World Wide News Blogspot has been active since 2011 and has published 110 posts so far, with most activity occurring in June 2019, when 11 posts were published.

Apart from the first two posts on the blog and the one that has allegedly “offended” the complainant, all of the content has been taken verbatim from other blogs and then posted under the name “Ian Simpson”. A day after the M&G published an article titled “Censored: How the M&G got taken down”, (September 15) the bylines for all the articles on the blog were changed to “Chris Lynn”.

The blog’s site map records show that all the posts were modified on August 10 2019 except for the offending post titled “Fraudster Named In SA’s Oil Deal”, which was modified on September 10 — three days before Linode sent the M&G a notice of copy­right infringement.

The Spanish professor

In the northern Spanish city of Pamplona, better known for its annual bull run, Universidad de Navarra is ranked as the best journalism school in Spain by the authoritative El Mundo newspaper. Breiner is a guest professor who teaches ethics in journalism and digital media and takes a keen interest in the sustainable business models for journalism, ideas which he often shares on his blog.

Unbeknown to Breiner, his blog is at the centre of a web ring — a devious tactic used by hackers to increase traffic to their websites.

A simple Google search and online plagiarism checkers reveal that all of the posts on the Worldwide News Blogspot have been published on other blogs under anonymous bylines and hosted by Google’s blogging service, Blogger.

The sites include USA In News, Kinds Info, Global News, Worldwide News, World Wide News Q and Top Unlimited Quotation. All of the Blogger websites include links that redirect to a blog called News Entrepreneurs, which is authored by Breiner.

The nature of these blogs’ activity appears to be inspired by a “link farm” or a “web ring” approach. Such tactics are used to exploit computers and to increase a specific webpage’s SEO (search engine optimisation)rankings. SEO refers to the process whereby one optimises a website and the content to increase visitor traffic.

An independent investigator who assisted with the research says that most of the “dodgy sites” seemed to have scraped the content from Breiner’s site and then linked back to a different site.

“This creates the illusion that the site has healthy traffic, when it’s actually just derived from misrepresented content,” they explained, adding that the main goal of the dubious blogs would be to gain advertising revenue by increasing the number of visitors to the site.

“I suspect his [Breiner’s] blog has been targeted because it is authentic and not [widely] distributed (and thus there is less chance of being caught out), and his content is also being plagiarised,” the investigator told us.

When the M&G contacted Breiner in Pamplona he maintained that he had no knowledge of the blogs, nor the names “Ian Simpson” and “Chris Lynn”.

Initially Breiner was content about the fact that his ideas were being shared but when the M&G informed him of the larger scheme, he was not impressed.

“If this guy [‘Ian Simpson’] wants to impersonate me, I’m not sure I could do anything about it. Do I think it’s good? No. I’m upset about it.

“I viewed [it] as simply free redistribution. I don’t run ads so it wasn’t costing me anything directly,” he said. “However, the fact that this website is accusing you of plagiarism and trying to get you shut down is worrisome.”

The investigator added that even though these types of attacks are relatively uncommon, sites such as Black Hat World advertise SEO rings and DMCA takedowns on their forums. “Black hat” is a term commonly used to refer to hackers with malicious intent.

Breiner has offered to assist the M&G in any way necessary to track down the culprits behind the attack. Since the M&G began scrutinising the offending blogs, Linode has allowed us to restore access to our disputed article on Eyong.

Linode tells us “Ian Simpson” has gone quiet.

Jacques Coetzee is an Adamela data fellow, a position funded by the Indigo Trust