Security firm Malwarebytes has been one of the few companies or individuals that refused to swallow a bogus report about three million smart toothbrushes being used in a DDoS attack.
A large number of so-called tech publications simply regurgitated the report which first appeared in the Swiss newspaper, Aargauer Zeitung.
Malwarebytes posted a blog [screenshot below] with a single line about the bogus story; under the heading "How to tell if your toothbrush is being used in a DDoS attack" the company's Mark Stockley wrote: "It's not." And the post ended there.
Veteran tech journalist Steven Vaughan-Nichols, senior contributing editor at ZDNet, was among those who fell for the bogus tale, breathlessly writing, "While the details are scarce, we know that the compromised toothbrushes were running Java, a popular language for Internet of Things (IoT) devices.
{loadposition sam08}"Once infected, a global network of malicious toothbrushes launched their successful attack. The repurposed toothbrushes accomplished this by flooding the Swiss website with bogus traffic, effectively knocking services offline and causing widespread disruption."
The only DDoS these toothbrushes were involved in happened on my feed this morning. Be real.https://t.co/610mHcArFD pic.twitter.com/Fgi5vfXEkZ
— Jake Williams (@MalwareJake) February 7, 2024
Veteran technology practitioner Robert Graham, better known as Errata Rob in the industry, was scathing in his reaction to the spate of journalists who swallowed the tall tale and spread it.
"Every 'journalist' who has repeated this story has demonstrated their lack of journalism," he wrote on X [formerly Twitter].
"Firstly, they are all just copying the original story providing no additional details. This is already shit journalism.
"Secondly, they don't care whether it's actually true. The original story suggests it isn't - it's a hypothetical.
"Thirdly, as this story does, they push some grander narrative about cyber security dangers and 'how to protect yourself' that is itself garbage."
FIRST THEY CAME FOR YOUR PLAQUE, NOW THEY'RE COMING FOR YOUR STACK pic.twitter.com/gZbwIVMOkT
— Rik Ferguson ??? (@rik_ferguson) February 7, 2024
Former NSA hacker Jake Williams dismissed Vaugh-Nicholls hysterics with a single line: "The only DDoS these toothbrushes were involved in happened on my feed this morning. Be real."
The bogus story provided more insight into the current state of security reporting than anything else has in recent times.