Q&A: Why I Warned AAAS About the Hack

Philipp Hummel, the journalist who alerted EurekAlert administrators to a security breach, discusses the role of embargoes in science reporting.

Sep 14, 2016
Tracy Vence

PIXABAY, PETELINFORTHJournalist Philipp Hummel had been accessing embargoed materials through the American Association for the Advancement of Science (AAAS) press release repository EurekAlert for six years before he accidentally hit “publish” on a piece involving unpublished materials too soon. Following his embargo break this July, AAAS warned Hummel that his EurekAlert activity would be monitored until next month, he told The Scientist. Last week (September 11), the Die Welt editor received a strange direct message on Twitter from someone offering him access to embargoed press releases.

See “AAAS Press Release Repository Hacked

The Scientist: How long have you been using EurekAlert?

Philipp Hummel: Six years ago, that’s when I got my accreditation for EurekAlert, which is not so easy to obtain, as you probably know. I read in this Wired piece about the 20th anniversary of EurekAlert that it’s [like] an initiation rite or something for science journalists. Then, when this embargo break came, they wrote to me and said, You have six years of not breaking an embargo and that’s why we are . . . not blocking you directly but setting you on parole for 90 days, until the beginning of October, which I didn’t find so ‘fair,’ as they put it, but I was happy that they did not block me right away. That would have been a big problem for me.

TS: You are one of many people who have accidentally broken embargoes. Why do you think this alleged hacker contacted you, specifically?

PH: I really don’t know, actually. He or she told me that he had access to the admin system and saw that I was blocked, which was obviously not true, it was false information. . . .  Somehow he found out about the time that I would have been suspended if I was. I guess probably he or she approached more people than me. I’m pretty sure I’m not the only one. That would be a coincidence. I [was] the only one to contact EurekAlert and tell them about it; that’s what they told me.

TS: So this person somehow found your name, thought that you were not able to access embargoed materials, and sent you login credentials? Which worked?

PH: Which worked, yeah. At first I thought it was just maybe a hoax, or maybe a threat. Also from EurekAlert, maybe to test me or something. But then the person actually sent two pairs of usernames and passwords and I tried the second one, which was active for journalists . . . and the full subscription worked. At that point I was pretty sure they were a hacker.

TS: You log in; it works. And then what happened?

PH: Then at that point I sent EurekAlert an email. They were kind of surprised and very thankful. . . . And then on one end I’m chatting with the hacker and on the other hand talking to the EurkeAlert people.

TS: What was that like?

PH: It was kind of strange because I was all the time, still now, I’m not really totally convinced that I’m doing the right thing. On the one hand, I understand the motivation, maybe, of the hacker. . . . I thought maybe he was trying to affect the system in a way [to interfere with] embargoes, which I don’t really support because I think it’s ridiculous . . . to make artificial news. So I was kind of pulled in two morally different directions in a way.

TS: Are embargoes ever useful for science communication?

PH: The use would be that all science journalists have a fair chance of covering something because they all have the same deadline when they can publish. That’s something that you could [count] positively for embargoes. But the biggest problem for me is there is this plate where you get presented all this nicely arranged science—“breakthroughs” and stuff—and you don’t really get much into real reporting and real research. I think that harms science journalism. Everybody puts out the same stuff at the same time online, worldwide. . . . Maybe I’m not considering enough positions, but for me, from a journalistic point of view, I think it’s not a good thing.

TS: What do you hope might come of this situation?

PH: I hope this can start a debate on embargoes and the whole procedure of how science journals, like Nature, Science, all the big ones, [influence] science reporting. That’s something that needs debate, I think, and this would be a good point to start it. [This situation] has shown that we [science journalists] really are very much dependent on EurekAlert and that’s something that should be taken into consideration.