By Alexandra Kousi
For more than a century, America’s legacy newspapers have held a special place in public life—gatekeepers of accountability, champions of truth, and protectors of democracy. But in the digital age, even the most trusted bylines can be manipulated. Today, new evidence suggests that cyber operatives, possibly acting on behalf of private interests or corporate crisis consultants, are infiltrating respected newsrooms—not just to spread misinformation, but to hijack journalism itself.
At the center of a growing controversy is Ben Weider, an investigative reporter whose name has appeared in articles now at the heart of two active lawsuits filed by prominent Florida attorneys. One, brought by high-profile attorney John Ruiz, alleges that a false narrative was crafted about him using reporting attributed to Weider and published by the Miami Herald, which is owned by McClatchy Media. Another lawsuit, filed separately, raises even more serious concerns: that cyber attackers may have accessed legitimate journalist credentials and exploited weaknesses in web infrastructure to publish damaging stories under trusted bylines—without the newsroom even knowing.

The implications are chilling. If attackers can manipulate what the public sees on a newspaper’s website—while leaving no trace visible to the editors and journalists inside the organization—they can essentially weaponize trust. And if those stories spark public backlash, reputational harm, or even lawsuits, the outlet can still stand behind them, unaware that the content was manipulated in the first place.
DNS Hijacking: An Invisible Attack
At the heart of this method is a sophisticated form of cyber manipulation known as DNS hijacking. By targeting the domain name system (DNS)—the infrastructure that directs internet users to websites—attackers can redirect or mirror content without altering the newspaper’s internal systems. In practical terms, it means a reader might load a page from MiamiHerald.com that looks authentic but was actually served from a compromised server. The newsroom wouldn’t know, because their internal CMS (content management system) still reflects normal operations.

This tactic has reportedly been used to distribute stories bearing the names of real journalists but containing fabricated quotes, invented sources, and harmful narratives. The articles may even vanish or mutate in real time as DNS settings revert—leaving victims confused and legal teams scrambling to determine if what was seen can be proven.
For publishers, this creates a dangerous blind spot. Articles planted through DNS exploits can be monetized through traffic, drive ad impressions, and be amplified across social media—without the outlet ever suspecting something went wrong. By the time reputational damage is done, the story has taken on a life of its own.
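The blind spot described above closes only when the publisher checks its site from outside its own network. The following sketch is an added example, not code from the article or from any newsroom; the hostnames, address range, timestamps and article text are constructed, and it assumes the publisher can export a hash of the approved article body from its CMS. It compares what external vantage points resolve and receive against that baseline, and keeps a timestamped record so that a change that later reverts is still documented.

```python
import hashlib
import ipaddress

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

APPROVED = b"<article>Approved text from the CMS</article>"  # constructed

# Constructed baseline taken from the publisher's own records (assumptions).
BASELINE = {
    "ns": {"ns1.dns-host.example.", "ns2.dns-host.example."},
    "nets": [ipaddress.ip_network("192.0.2.0/24")],  # authorised edge range
    "cms_sha256": sha256(APPROVED),                   # hash exported by the CMS
}

# Constructed observations gathered from outside the newsroom network.
OBSERVATIONS = [
    {"vantage": "resolver-a", "ts": "2025-01-01T10:00Z",
     "ns": {"ns1.dns-host.example."}, "a": ["192.0.2.10"], "body": APPROVED},
    {"vantage": "resolver-b", "ts": "2025-01-01T10:00Z",
     "ns": {"ns1.other-host.example."}, "a": ["203.0.113.7"],
     "body": b"<article>Altered text</article>"},
    {"vantage": "resolver-b", "ts": "2025-01-01T10:30Z",
     "ns": {"ns1.dns-host.example."}, "a": ["192.0.2.10"], "body": APPROVED},
]

def check(obs, baseline):
    """Return the ways one outside observation departs from the baseline."""
    findings = []
    if not obs["ns"] <= baseline["ns"]:
        findings.append("unexpected-nameserver")
    addrs = [ipaddress.ip_address(a) for a in obs["a"]]
    if any(all(ip not in net for net in baseline["nets"]) for ip in addrs):
        findings.append("unexpected-address")
    if sha256(obs["body"]) != baseline["cms_sha256"]:
        findings.append("content-differs-from-cms")
    return findings

def audit(observations, baseline):
    """Keep a timestamped record of every observation that drifted."""
    record = {}
    for obs in observations:
        findings = check(obs, baseline)
        if findings:
            record[(obs["vantage"], obs["ts"])] = findings
    return record

if __name__ == "__main__":
    for key, findings in audit(OBSERVATIONS, BASELINE).items():
        print(key, findings)
```

In the constructed data the second vantage point sees a different nameserver, address and article body at 10:00 and normal answers again at 10:30, so only the stored record shows that the drift occurred.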
Who Stands to Benefit?
Increasingly, fingers are pointing at the growing industry of corporate crisis consulting and strategic communications firms—entities that specialize in defending high-value clients during legal and reputational battles. These firms, including global powerhouses like FTI Consulting, have the technical sophistication and financial incentive to deploy aggressive information control tactics.
According to legal documents and investigative reporting, fake expert witnesses and identity manipulation were allegedly used in a recent legal case involving one of these firms. Some of those individuals were connected to operations managed from FTI’s New York office—the same office that, at the time, was assisting the Manhattan District Attorney in the high-profile criminal prosecution of former President Donald Trump. While there’s no public evidence linking the two events directly, the overlap has raised alarms among legal experts and federal investigators.
Adding to the intrigue, one of the lead forensic accounting experts on the Trump case—a former FBI agent who testified in the Paul Manafort trial—later joined FTI and reportedly oversaw the New York team where these alleged false identities emerged. That coincidence is driving questions about whether firms like FTI, while working with government prosecutors, may also have been engaging in disinformation campaigns on behalf of private clients.
These tactics, once confined to social media manipulation or opposition research, now appear to have evolved into something far more dangerous: the targeted infiltration of real journalism, enabled by cybersecurity vulnerabilities and the trust baked into major news brands.
The Ben Weider Discrepancy
The controversy surrounding Ben Weider adds another layer of complexity. Weider, a reporter with a track record covering political finance and corruption, has been publicly critical of Trump and associated conservative figures. But his digital presence tells a murky story.

An international investigative outlet recently raised concerns about inconsistencies in Weider’s online profiles. His social media accounts, including his X (formerly Twitter) handle, show sporadic posting patterns. Photos linked to him have varied over time, and a person claiming to be his spouse—who publicly states she works for The New York Times—has no official record of employment there. The lack of verifiable background information has led some experts to speculate that either Weider’s identity was compromised, or he is being used as a convenient scapegoat for planted content.
In one of the more controversial stories tied to Weider’s byline, a graphic-laden piece targeting Florida Representative Aaron Bean used an unusually aggressive visual format—something rarely seen in straight news reporting. A similar style appeared in another article that portrayed a Florida attorney in a sensational light. Media watchdogs are now asking: Has the Herald’s editorial standard changed, or has something more sinister crept into the newsroom under the radar?
Herald veteran reporter Jay Weaver, who co-authored some of the articles in question, reportedly told a colleague that Weider “did not write” at least one piece that bore his byline. Still, the Herald declined to retract the article. That decision raises troubling questions about what responsibility news outlets bear if their own systems—or public-facing DNS infrastructure—can be compromised without their knowledge.
A Pattern of Pressure
Adding fuel to the fire, the Miami Herald’s reporting in recent months has included pointed stories targeting lawyers and legal officials. A recent article took aim at the newly elected president of the Florida Bar, alleging financial misconduct. Another zeroed in on legal misconduct claims tied to high-profile attorneys. The pattern, some observers argue, mirrors strategic smear efforts—especially when combined with legal battles involving corporate litigants with a strong interest in shaping public narratives.
And while most journalists operate with integrity, the close-knit nature of South Florida’s legal and media circles means connections can run deep. One former Herald staffer, now working at a major public hospital, maintains ties with both Jay Weaver and Weider. Investigators are exploring whether such relationships may have provided soft entry points for PR operatives to influence editorial focus.
The Beginning of the Unraveling
What’s emerging is not a case of rogue reporters or sloppy journalism—but something far more systemic. The potential for DNS hijacking to inject falsehoods into mainstream media represents a new front in the information wars. And the combination of cyber expertise, disinformation tactics, and financial motivations creates a perfect storm for abusing the trust between newsrooms and the public.
This story marks the beginning of a larger investigation into how legacy journalism may be under covert attack from forces far beyond the traditional press landscape. In the next installment, we’ll explore how cybersecurity blind spots are being exploited at the infrastructure level, and what major publishers are doing—or failing to do—to protect their brands and their readers.
The battle for truth is no longer just about fact-checking. It’s about protecting the very platforms that deliver those facts in the first place.