TheHackerNews.com Profits from Deceptive Advertising

Edit (2/18/24):

In response to this blog post, The Hacker News has quietly added “contributed article” notices to all sponsored articles.

It's a positive step toward transparency.

I’ll write a follow-up when I find the time. For now, you can tell which articles have value for cyber threat intelligence teams by looking at the author.

“Newsroom” is news. “The Hacker News” is vendor hype. Detailed explanation below.


A colleague recently shared an article by The Hacker News titled “The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules.” Authorship is attributed to The Hacker News, but I became suspicious after reading the content. The article mentions a company called AppOmni several times and contains links to their website.

Then I noticed that the URLs included the phrase “utm_campaign=SEC SSPM Hacker News Article” (see the screenshot below). At this point, it became obvious that this paid ad campaign was written by a vendor and inserted surreptitiously into the news feed.

The next thing I did was download their Media Kit, which you can obtain here. In that kit, The Hacker News brazenly declares that it is the only cybersecurity publication that engages in deceptive advertising practices. For $2,500, they will launder any vendor’s marketing material and transform it into “news.” See the screenshot below. Apollo.io estimates an annual revenue of $2,000,000.

Why does it matter? The FTC Act Section 5 generally prohibits deceptive advertising. Because of this act, bloggers, influencers, and media outlets must disclose to their audience when they are paid to make an endorsement. If The Hacker News is paid to endorse products and doesn’t disclose that to its readers, it violates journalism ethics and may even violate the FTC Act. Read the FTC’s guidance here. Excerpt below.

How deep does this go? How many deceitful articles are published daily? Let’s take February 9, 2024, as an example. From what I can tell, advertisements are attributed to the “The Hacker News” account, and news articles are attributed to the “Newsroom” account. Based on that indicator, 3 of the 9 articles on the front page are deceptive endorsements for Myrror, Wazuh (shown below), and Cato Networks. Cato’s ad was originally posted on February 5th, but they must have paid for an ad campaign that inserts it into every page of the site.

This article is attributed to “The Hacker News”. There is no indication that this is paid content, which deceives readers into believing it to be an uncompensated review. If you care about the integrity of the threat intelligence you consume, keep in mind that there is a vendor-positive bias to these articles.

I reached out to The Hacker News for comment but haven’t received a reply. They claim to be “#1 Trusted Cybersecurity News Source”, but that assertion doesn’t hold up under scrutiny. Their new motto should be “Caveat Emptor”. Reader beware.

pop/24\rex
