OK, I have finally decided to start a blog. I have been thinking about doing this for some time, but had put it off, because I was in school, or just busy, or… something. In other words, I’m a procrastinator with poor excuses.
In the wake of a Congressional scandal that is now being referred to as Weinergate, I finally decided to get down and start this blog because I have been watching this scandal for days and there are far too many people out there on both the left and the right whose take on this story is purely based on partisan politics. I know this because my tweeting over Weinergate has led to me being called a shill for both Andrew Breitbart and the Daily Kos. Recently, I started a new job working e-Discovery projects for a digital forensics firm in Tulsa, Oklahoma, and I wanted to take this opportunity to use my better than average though not expert knowledge to give an analysis on what I believe really happened. First, let’s review some facts in case you missed this story:
On Friday evening, May 27, 2011, a tweet containing a link to a photo was sent to a woman in her early 20’s via Congressman Anthony Weiner’s verified Twitter account. The photo, which was on the Congressman’s yFrog account, contains the underwear region of a man with his penis, which is clearly visible inside the underwear. I happened to be on Twitter when this whole mess started. In fact when the tweets about it started in my timeline, I assumed that this was a few hours old and had that “building steam” status once it got to me. It turned out that I was wrong that this was something that was breaking news.
Breitbart’s BigJournalism.com was the first to break this story that evening, immediately inciting accusations that Breitbart was deliberately trying to make news instead of merely reporting a story. On Saturday the Congressman swore that his account had been hacked. A day later he then told reporters that this was a “prank.” A defiant Weiner has since been asked for several days if he wishes to launch an investigation, and has given press conferences to continue to give the media answers to questions that aren’t really answers at all. These answers have included comparing an alleged breach of a Twitter account to throwing a pie, and calling one Capitol Hill reporter a jackass. Finally, after figuring out what to say to the media, he said that he was going to hire people to conduct a private investigation and then have the FBI pursue criminal charges later if need be. Make no mistake if you know me, either in real life or on social media, you know that I’d like to see Congressman Weiner out of Congress. This guy loves to go on news outlets and show everyone who he answers to, which is neither the media, the constituents he represents, nor the rest of the American people. Congressman Weiner is a d… well… I think you get the picture.
There are three scenarios that are possible. The first possible scenario is that Congressman Weiner is telling the truth. But if his account was truly hacked, why has he not called for a criminal investigation? While refusing to report a crime is not a crime in and of itself, Weiner, as a member of Congress, does have an obligation to the American public to set an example when it comes to cyber-security. Let’s also not forget that impersonating a Congressman is a felony, only adding to the alleged hacker’s woes. Most people whose information is compromised do things to make sure that it does not happen again. This includes changing passwords and removing access to extra accounts that may be linked to the main account. The only way that a hacker can do what is alleged by Congressman Weiner, is by either guessing a password or using some kind of password cracking software to get into his account. Multiple attempts to log in to any account would tip off Twitter that there is potentially a hacker involved and they would likely temporarily revoke access to the account. And the vast majority of hackers, once they have hacked a system or account, immediately change the password(s) to those systems. If that happens then Weiner has no access to his account. However, Weiner was able to tweet almost immediately while this little saga was unfolding. And where is Twitter in this? Nobody is aware of the Congressman notifying Twitter of his account being hacked, and Twitter has said nothing about the security of their system in general. And if the account was actually hacked on a Verified account, then the “Verified” status, if it exists, is removed until it is proven that the actual account holder has regained control of the account, which never happened. Quite frankly, a hack just doesn’t pass the smell test.
The second possible scenario is that the Weiner did it. (Yes, I went there.) This does make some sense at first, since he has not filed an FBI investigation. If the investigation reveals that he really did do it, then he’s hit with a whole bigger scandal than the one he’s got now. Filing a false police report is also a crime that can lead to jail time, and surely his ouster from the House of Representatives. But as arrogant and brazen as Congressman Weiner is, this guy is not stupid. He wants to spend as much time as he can working in the government in some position of power and prestige, and delving into the Internet to gather information about someone is becoming much easier every day. Why would he use Twitter to follow a woman he’s never met (as he claims), who is half his age and lives in Seattle, a city all the way across the country? Unless she worked for the Congressman or is having a romantic affair with him, I just don’t see it. If he actually knows this woman, then the exchange of a picture like this would have likely been sent over email. And if she is having a romantic affair with Weiner, then he wouldn’t need to take a picture of himself and send it to her anyway. I’m not saying this scenario is impossible; I’m saying it’s improbable. Unfortunately, too many people on the right believe that the Congressman did this because they want to believe it. It’s juicy; it’s a Democrat; it could lead to his office being vacated; case closed. However, Weiner is smart enough to know he cannot afford to do something that might cause him enough embarrassment to force him to resign or be removed from office and never be elected anywhere else again.
The third scenario is that someone with authorized access to the Congressman’s account (perhaps one of his staffers) tweeted the photo. As this story has evolved, this actually makes the most sense, both politically and from an IT/Security perspective. We all know by now that most congressmen do not actually tweet all the time from their accounts, but rather have a staffer do it part-time for them. And I have met a congressional staffer or two in my life and most of the male staffers are pretty immature and think something like this is funny. We also remember from a couple of weeks ago that someone at the US Department of Justice sent a tweet about Fox News from the DoJ Twitter account by accident, when he meant to send it from his personal account. That person’s access to the account was removed. It is certainly plausible that this happened again, this time with a staffer. With all of the different applications out there that let you log in to multiple accounts, this is quite easy anymore. It makes for great convenience, but because of that, it also makes for a security nightmare. This could also explain why the Congressman is following such a young woman he doesn’t know. Someone else could be clicking that follow button for him without his knowledge or consent.
So what really happened? People do really stupid things with their own accounts on the Internet. Why would they suddenly wise up when it comes to the accounts of others? It is my belief that a congressional staffer to Congressman Weiner, using his social media accounts at his authorization, had used his own smartphone and logged into Congressman Weiner’s account earlier in the day to tweet on behalf of Weiner, and forgot later to log out of his account. He then unintentionally posts the picture in question on the Congressman’s yFrog account and then tweets the photo to this woman in Seattle from Weiner’s Twitter. He then realizes he has screwed up and tries to cover it up by deleting the tweet and the picture before anyone could see it, but the damage had already been done. Others had already retweeted the link to the deleted photo. So, to try to fade the heat, the staffer decided to write that the Congressman’s Facebook account had been hacked in order to set up the narrative later for the hack of Weiner’s Twitter account. He then deletes all of the pictures in Congressman Weiner’s yFrog account to make it look like a hacker did it, and refuses to fess up to the mistake he made. The next day the Congressman, after being notified of what happened, understandably, took a knee-jerk reaction to the news, and said that his Twitter account had been hacked. He goes on a media blitz to continue to create a mystery around this story. He also announces he has called for a private investigation, instead of an FBI investigation. I believe that Congressman Weiner has a pretty good idea of what happened, but he does not want to admit to the media what happened because he would then admit he was wrong in his original statement that a hacker caused this. And besides he cannot prove anything at this point. I believe that if a private investigation is really held, it ought to include a digital forensic analysis of all computers and smartphones that belong to Congressman Weiner and his employees. However, the announcement that he is hiring people to investigate this privately has now bought him quite a bit of time. If my analysis is accurate, when the investigation concludes it will get buried underneath the headlines for that day, and Congressman Weiner will go about his business as if nothing ever happened.
This should serve as a lesson to everyone on the Internet and especially all those in Congress. DO NOT give someone else access to ANY account for ANY reason. You’re asking for more trouble than you are prepared to handle.