Interview about attacks on GMWatch

Print
Details
Here is a transcript of a new GM Watch podcast in which you can hear GM Watch founder, Jonathan Matthews, being interviewed by Peter Brown - GM Watch's podcast producer, about the cyber attacks that recently drove the GM Watch website offline.

We had a few problems with phone line quality when recording this so if Jonathan sounds like he's got a heavy cold and is less than fully audible at any point, please refer to the transcript.

Our podcasts are available for free by subscribing via iTunes. If you don't already have iTunes installed, it's best to do this first. iTunes is available for free at http://www.apple.com/itunes and it will work on a PC or a Mac. When iTunes is installed, click on the following URL: http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=158600210

This will open iTunes, where you can subscribe to our podcasts, and this podcast should then automatically download. When you've downloaded the podcast, you can use iTunes to play it on your computer or you can transfer the file onto a portable media player (an mp3 player or iPod).

Once you've subscribed to the GM Watch channel, any future GM Watch podcasts will automatically become available.
---
Transcript

Peter Brown: This is the first in a series of GM Watch podcasts in which we're going to look at the PR war that continues to rage over GM crops.

With me to discuss this is Jonathan Matthews, the founder of GM Watch, which for a number of years has been in the front line of those trying to challenge and expose the often bogus PR claims and dubious tactics employed by the biotech industry.

Jonathan, I want to begin this series by asking you about the recent attacks on GM Watch that forced your website and all your lists offline. What's the current state of play on this?

Jonathan Matthews: Well, we're back online again, so that's the good news. We've got a temporary website and we've also re-established our lists and we've been contacting all our subscribers, so they have got the opportunity to resubscribe with us. So we're gradually picking up the pieces but it's been a very damaging attack.

Peter: But, just to be clear about this, now, the GM Watch site has profiles on the PR players in the promotion of GM crops, and George Monbiot has called it the world's most comprehensive database on the impact and politics of GM crops - is that still offline?

Jonathan: Yes, obviously we hope to make the same information available again in the not too distant future - but the GM Watch site as was is gone.

Peter: And that's because of this recent attack?

Jonathan: Yes, following the most recent attack our web host decided to take the GM Watch site offline - and to keep it offline, unfortunately, until we found someone else to host the GM Watch and LobbyWatch sites.

Peter: But surely that's a bit short sighted. Aren't these attacks on websites getting really common these days? I saw a recent headline from Computer World that said that something like half a million web pages had been infected by hack attacks. How does it help to discontinue the relationship with GM Watch?

Jonathan: Well, yes it's certainly true that there have been a lot more websites getting hacked recently, and we're talking about websites that people might expect to be pretty secure, so that includes government websites, in the U.K. for instance, and United Nations websites have been hacked and even, I understand, the Dept. of Homeland Security apparently! So it's certainly not just GM Watch.

Peter: So if these attacks are going on, doesn't that mean that the attack on your website might be just indiscriminate. In other words it might not have been an attack personally against the GM Watch organisation? Surely, you're just one amongst many who are suffering from this?

Jonathan: Well, it's certainly possible that we're talking about something random, but that's not the view of our web host - for a number of reasons. The first one is that this most recent attack wasn't a one-off. In fact, he's actually been at the sharp end of about 14 months of this, so”¦

Peter: So that's been a really sustained attack - for over a year, you mean?

Jonathan: Yes, though the form of the attacks has varied quite a bit in that time. It originally started in February of last year when the server was hacked into and a lot of material was deleted off both our sites at that time, and they also got at the back up for the sites on the server and attacked that, so that caused us a lot of problems.

That's where it started, but after that they stopped hacking for a while and it moved over to what are called Denial of Service attacks, you know, which are attacks where they try and make it hard for people to access your site.

Peter: So how does that work? How do they do that?

Jonathan: Well, initially they were exploiting the fact that the pages on our sites were generated from a database type system and this enabled them to inject into that in a way that completely slows down the site and makes it difficult to access.

And that went on and on and on. They just kept that up - it's something that can be automated, apparently. And in the end we agreed with our web host that the site should be changed over from dynamic to static pages, so it moved off that database system.

And that was effective in bringing those attacks to a halt, but the interesting thing is as soon as we made it impossible for them to launch that form of attack, then they hacked back in again and they defaced the site again. But that time we were ready for them - you know, we had new measures in place and it was easy to restore the sites (and) get back online.

And then they shifted over to a new form of Denial of Service attack where they pounded the sites with huge numbers of hits. Again that's a type of attack that can be automated, but actually the site stood up to it pretty well. So then they hacked back in again and really attacked the site big time.

Peter: So now you're talking about the most recent attack? What did they exactly do?

Jonathan: Well, the attack itself was pretty devastating. They hacked into the server and attached over 20 different viruses plus spyware to the GM Watch site. And they may also have put in some malicious code, as well. A network engineer who our web host brought in to advise on what damage had been done said that he'd actually never seen anything like it in his 20 years in the industry. They also deleted some of the site content, as well.

Peter: Some of the site content? So what did they delete?

Jonathan: Well, the home page off the LobbyWatch site went. The interesting thing actually was that in this last attack, unlike the earlier attacks when they hacked in and defaced the sites - on those occasions what they'd done, it was clear, was just try to delete everything they could - but this time they seemed to just target certain specific pages.

So we lost, as I said, the home page on the LobbyWatch site. We had some pages linking through to GM Watch material that had been translated into different languages - pages with those links on were deleted for some reason. And then we had an interview I'd done with Marina Littek of Green Planet which went into a lot of detail about the dirty tricks campaign Monsanto and its Internet PR agency Bivings had been involved in that we'd uncovered. So that interview went, and the main page on the 'wormy corn' scandal, that was deleted as well.

Peter: So that 'wormy corn' scandal”¦ that was what lead to calls for the retraction of a pro-GM paper in a science journal, wasn't it?

Jonathan: Yes, and to legal threats against our web host by one of the researchers, and that lead to the GM Watch site being shut down for”¦ only about a week last August. Those were the only pages we've been able to identify as having been deleted in this last attack.

Peter: But don't you think this is just another example of the current attempts to target certain types of servers on the Internet?

Jonathan: Well, our web host thinks not. His point is that if these attacks had simply been coming about because hackers had spotted certain vulnerabilities in his server - you know, certain things they could exploit, like versions of code or software products they knew they could target, then why over that 14 month period did they always target our websites and not any of the 300 or so other websites he's also got on that server. I mean, it was just always us and I think that persuaded him that there was something personal about this!

Because those other websites are operating off exactly the same kind of platforms as us - and in fact over time because of the attacks, obviously, he was making changes to our sites, like moving us off a dynamic system onto static pages and doing other things to make it hard to attack us, so in a way other sites on his server became relatively easier to attack than us, but they didn't ever attack those, even though they still had those loopholes and we'd closed them on our sites. They kept coming after our sites each time, changing tactics and the form of attack.

Peter: Yes, it does seem rather strange. So none of these other websites have suffered any defacement - any deletion of pages - or viruses - or spyware-attachments, or any Denial of Service attacks, or anything like that, then?

Jonathan: No, that's right. All the attacks have been focused exclusively on us, so he feels that when you're looking at multiple attacks, and attacks sustained over a period of more than a year, that that's got to be beyond any sort of coincidence.

Peter: So that's why your web host doesn't want to continue to host GM Watch?

Jonathan: Well, in fairness, it's not that he doesn't want to continue to host us. He's very uncomfortable with the sort of freedom of speech issues that this brings up. It's just a commercial decision that he can't actually afford it. He's had to make that decision because of the costs it's involving him in - the work and the time, as well as money from bringing in other people's expertise. He's just been spending time trying to make his server more secure, trying to make it impossible to go on attacking our sites, but the tactics keep changing and the attacks keep coming. And, funnily enough, since he shut down our site nearly 3 weeks ago, it's all stopped.

Peter: He's had no more attacks?

Jonathan: No. Our web host has not failed to inform us that in the 3 weeks since our site's been down, he's had no problems at all. So peace reigns after 14 months of attacks. And”¦ you know, perhaps I shouldn't mention this, because perhaps they'll now attack his server just to prove they weren't chasing after us!

Peter: And do you have any idea who's behind these attacks? Is there any technical way of identifying that?

Jonathan: Well, to an extent there is. There are logs - web logs - for the site, which can give some information about what's going on and where any attack has apparently come from. So that should be able to tell you what machine, which country, etc. But, in fact, the information from our site logs has been pretty limited because when our web host came to examine it, he discovered a lot of the logs had been corrupted.

Now, he assumes that this has come about as the result of the most recent attack, because he didn't have a problem with web logs before that, and he hasn't got a problem with the logs on any of his other sites. They all seem to be OK. It's just ours where there's a problem, so his assumption is that our logs have been targeted in some way.

Peter: So the information is pretty limited that he's gleaned?

Jonathan: Yes, it is limited, though one thing that is clear is that not all the attacks have come from the same place.

Peter: But doesn't that mean if it isn't the same people that are targeting you, doesn't that support the idea that these attacks are not really connected?

Jonathan: Well, in the view of our web host, then because the focus has been exclusive to our sites and because of the continuity of the attacks, then he feels that even though different attackers have been involved, then it means the attacks are being deliberately directed at us as an organisation.

So, what he thinks has been happening is that someone - you know, some individual or some organization - has actually been commissioning the attacks - probably commissioning them from well-known hacking and defacing communities that have expertise in this sort of thing.

Something that might support that is the timing of some of these attacks. From our point of view, being on the receiving end of these attacks, there have been some remarkable coincidences.

Just to give a couple of examples, after the first attack we got the site back online and we launched a financial appeal and 24 hours later the Denial of Service attack was up and running for the first time. Now what was interesting about that was that our financial appeal was heavily dependent on people going to a page on the site and linking from there to make a donation online, and that's the way that most people would donate. And, of course, the effect of the Denial of Service attack was that we were getting loads of e-mails from people saying, 'Look, we want to donate, we want to support you, but we can't actually get onto your site, we can’t get onto this page to make the donation'. So, if you were going to design an attack and time an attack, it couldn't have been timed better.

There was another remarkable coincidence, which was at the end of this sequence of attacks, so in terms of the latest attack. And what was interesting about that was that about a week before that attack we actually commented on the attacks, which we hadn't really done for about a year. And we put out a statement on our lists saying how these attacks had been going on - giving some idea of what had happened, but basically saying that we seemed to have weathered the storm. And actually, you know, we were feeling fairly complacent in a way because of the changes that had been made. We didn't feel that their most recent attacks had really been very successful, so we were feeling a little bit smug almost. And then in comes this huge attack that drives us off line and makes our web host decide that we need to go and find someone else to host us.

Peter: I suppose the other question is why would anybody want to drive you off line. There are lots of effective anti-GM campaigns out there, in some cases involving big hitting organisations, so why pick on GM Watch?

Jonathan: Well, I suppose I could use the well known mosquito analogy: you don't always have to be big to get under people's skin or to make them want to swat you. And it's also the case that we've published some quite hard hitting material - you know, sometimes exposing dubious claims, and sort of underhand tactics - dirty tricks campaigns and so on, and that definitely hasn't been welcomed. Our sites, as you mentioned, have also included extensive personal profiles on biotech PR players, and these have sometimes contained material that we know that people would prefer not to have disclosed. So there is probably no shortage of people who 'owe us a grudge', you might say.

And, I think, the other thing that our investigative work has taught us is that there are people out there engaged in promoting GM who are willing to engage in pretty dubious tactics to achieve their ends. And we're not the only ones, you know, who have uncovered that. There's been an extensive article that came out in the US recently which looked at what they call 'black ops' against environmental groups, and this involved surveillance, infiltration, stealing stuff like laptops and confidential documents, people's personal financial details, and quite a bit of this was targeted against anti-GM groups.

So we know there are some pretty unscrupulous people out there. And some of the PR people are quite clear that they're encouraging their corporate clients to play hard ball. They seem quite clear about that.

The boss of one of the PR firms mentioned in the recent article explains his philosophy by quoting Al Capone who apparently said: 'You can get more with a smile, a kind word, and a gun than with a smile and a kind word. ' So there are definitely people out there who think that playing hard ball is a good idea.

Monsanto's former head of Internet PR also had a favourite quote that he'd tell to PR audiences, which was about the Internet being a weapon. He said, 'Think of the Internet as a weapon on the table. Either you pick it up or your opponent does - but somebody's going to get killed.'

So, we're a campaign group whose impact has absolutely been centered on our lists, our websites. What we're doing - our work - lives or dies by the Internet, and our impression is that there are some people out there who are determined to try and make sure that it dies.

Peter: Yeah, so what are you doing to make sure that they don't succeed in killing GM Watch off?

Jonathan: Well, we've got the lists up and running again - I mean, that's a major step forward. And we're having to get people resubscribed but that is steadily happening. We've got a temporary website in place, and now everything we are doing is centered on security.

And happily we've got some excellent technical support and advice coming in, and so we're looking to re-establish the sites but to re-establish them on a very secure basis so that we can weather whatever other targeting occurs.

Peter: So, thanks Jonathan for explaining all that's been happening with GM Watch.

As Jonathan mentions, GM Watch has a temporary website for the moment which you can find at www.gmwatch.org and you can find the latest news there on what's happening.

And if you would like to subscribe - or resubscribe - to any of the GM Watch lists please send an e-mail to the following e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it., saying whether you would like to subscribe to their weekly, monthly or their busy daily list. They also now have a list for German speakers. The e-mail address once again is This email address is being protected from spambots. You need JavaScript enabled to view it..

And thank you for listening to this GM Watch podcast.