You don’t have to be an expert computer cracker to be a great sleuth. There’s likely already a wealth of publicly available information on your target, whomever that may be, from which to draw. Experts call the material obtained through this kind of directed digging “open source intelligence.” You could also call it, Stuff You Find Online.
On Thursday, Gizmodo’s Ashley Feinberg took an off-the-cuff remark from James Comey, director of the Federal Bureau of Investigation, as the basis for a probe into his possible Internet aliases. Comey had revealed at a dinner that he maintains secret social media accounts, including one “with nine followers” whom are “all immediate relatives.” This seemingly innocuous statement would be his apparent undoing.
Armed with that knowledge, Feinberg set out. She searched Twitter for Comey’s family members. After identifying an old Twitter handle associated with his son, she turned up a video uploaded to Instagram that linked to what appeared to be his son’s profile. When she requested to follow the account, Instagram served up “suggestions for you,” a feature that offers recommendations of similar people to follow, one of which was an account with about 9 followers. (Actually 10.) The account, “reinholdniebuhr,” just happened to share a name with the 20th century American theologian about whom Comey had written his senior thesis in college, a fact Feinberg learned by reading this news story.
Ultimately, Feinberg uncovered what appears to be the FBI boss’ Instagram and Twitter accounts. She builds her case with a heap supporting evidence, including the presence of a tell-tale Twitter follower (Benjamin Wittes, editor of the wonky national security blog Lawfare and personal friend of Comey) and some reasoning behind the choice of a Twitter handle, @projectexile7. (Hint: it sounds a lot like the title of a program, “project exile,” that was a highlight of Comey’s career.)
In today’s networked world, it is nigh impossible for people to fully cover their tracks. Even the director of the FBI, someone who presumably knows a great deal about operational security, left enough hints for a reporter to out him. (The FBI has declined to comment on the report.) If you’re an executive looking to keep a low profile, be aware. The Internet knows more about you than you may think.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
So long, privacy rules. Congress voted this week to repeal FCC rules that would restrain Internet Service Providers from sharing customer data with advertisers. The White House has already signaled that it intends to grant the move its blessing. Even so, some telecom companies, like Comcast, have made known that they have no plan to sell this data anyway. (Fortune, Reuters, Reuters)
Hello, VPN dilemma. Given the government’s decision to repeal so-called privacy rules, many people are wondering whether they should use a virtual private network to prevent their Internet providers from snooping on their app usage and web browsing. There are lots of VPN options out there and too little information about each, creating a dilemma for consumers. A couple that have come recommended from cybersecurity experts: F-Secure’s Freedome, Private Internet Access, and Trail of Bits’ Algo. (Krebs on Security, Vice Motherboard)
Do you want fries with that hack? Personal information for job applicants at McDonald’s Canada restaurants has been compromised, the company disclosed Friday. The digital theft included names, addresses, email addresses, phone numbers and employment backgrounds for job-seekers over the past three years. Earlier this month, someone hijacked McDonald’s Twitter account to post a condemnation of President Trump. (Reuters)
Encrypted messaging under fire in the UK. Politicians in the EU-defecting country are hinting at the possibility of legislation that would compel encrypted communication providers, like Facebook’s WhatsApp, to decrypt customer messages for the purposes of law enforcement and counter-terrorism. Although the UK has already passed laws that effectively grant this power, insiders say the government is hesitant to invoke its authority for fear that such action will provoke a battle it may ultimately lose. (Guardian, The Independent, Reuters)
Also, the world’s most prolific hacker, revealed.
Share today’s Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
Fortune’s Jen Wieczner explains why retail investors should be excited about digital currencies. (Tag team: I wrote a piece on the latest crypto-financial trend, so-called initial coin offerings, too.)
Fred Wilson, the venture capitalist known for backing Twitter and Tumblr, has made a big bet on blockchain cryptocurrencies including Bitcoin—and he thinks regular investors should buy some too. Speaking Thursday at a conference hosted by StockTwits, the social network for stock traders, he told the story of a man who had emailed him wanting to invest in private startups, wondering how to put money into Union Square Ventures. Wilson had to inform the man, who made $50,000 a year, that he was not wealthy or experienced enough to qualify as an “accredited investor” and was therefore prohibited by law from investing in startup companies before they went public. His alternative recommendation: Buy Bitcoin instead. Read more on Fortune.com.
Believe It or Not: Online Trolling and Abuse Could Get Worse, by Mathew Ingram
Defense Secretary James Mattis: North Korea Is ‘Reckless’ and Must Be Stopped, by Catherine Trautwein
Wall Street’s Love of WhatsApp Is Illegal, by Lucinda Shen
Why Everyone’s Talking About Initial Coin Offerings, by Robert Hackett
Apple Has Fixed a Prankster’s 911 iPhone Hack, by Don Reisinger
ONE MORE THING
That time the U.S. bugged the Soviet Union’s deep sea cables. During the 1970s, a U.S. submarine called the Halibut wiretapped Kremlin conversations transmitted via telephone line beneath the Sea of Okhotsk. In order to stay submerged at the cable’s depths, divers had to fill their tanks with a cocktail of air that swapped nitrogen for helium. After a decade of success, a former NSA employee went rogue and sold details of the mission to the adversary. This daring tale of Cold War espionage—codenamed Operation Ivy Bells, parts of which are still classified—is recounted in the 1998 book Blind Man’s Buff by Sherry Sontag. (Popular Mechanics)