[Ashley Feinberg] is not one to say no to a challenge. When James Comey (the current Director of the Federal Bureau of Investigation for the United States of America) let slip that he has a secret Twitter and Instagram account, [Ashley] knew what she had to do.
At the beginning, [Ashley] knew only a few things: (1) Comey had recently joined twitter and (2) he only allows his “immediate relatives and one daughter’s serious boyfriend” to follow him. As such, [Ashely] deduced that “if we can find the Instagram accounts belonging to James Comey’s family, we can also find James Comey.”
To start, [Ashley] found the Instagram account of Comey’s 22-year-old son, a basketball star at Kenyon College. Not phased by Brien’s locked down Instagram account, [Ashley] requested access to Brien’s account in order to access the “Suggested for You” selections that are algorithmically generated from Brien Comey’s account. Sifting through the provided accounts [Ashley] found one that fit Comey’s profile: locked down with few friends. That account was named reinholdniebuhr. Not sure it was, in fact, James Comey, [Ashley] found Comey’s senior thesis on theologian Reinhold Niebuhr and televangelist Jerry Falwell as verification.
With Comey’s Instagram found, [Ashley] moved back to Twitter (something y’all can’t seem to get enough of). With only seven accounts on Twitter using some variation of “Reinhold Niebuhr” as a user name, [Ashley] was quickly able to narrow it down to one account (@projectexile7) via profiling, sealing the deal on an awesome hack filled quest. Can’t get enough of social media? Don’t worry, you never have to be disconnected.
Tweets are now protected and only confirmed followers can see them.
Right… “Secure social media” is an oxymoron.
Not a hack?
exactly a hack, a social/data one but a hack nonetheless.
Not a hack, just a skill any child born after 1990 has become painfully aware of.
And us cats that are still hep to the beat daddio.
I have done similar sort of things semi-regularly… usually when some major project contrib up and disappears or one of the clan drops out of contact. In the former case, there’s a sad percentage that seem to have died, many just on a sojourn, in the latter case, it’s usually they got their tech lost, broke or stolen, along with all their contacts and passwords and I have to guide them back again.
if he had just found readily available information sure, but he did have to get onto brien comey’s friend list, similar to several old con games, get your mark to trust you enough to reveal or do what you want.
in my book that makes it just as much a hack as any of the older tricks, just in a new context.
On Instagram simply requesting to be able to follow is enough to get the suggestions. Brien Comey didn’t even have to accept.
ah didnt know that, in that case it is less impressive and basically just information gathering.
I didn’t know that either, but it’s still a “hack” in the traditional sense. Loads of people didn’t know that you could make a free phone call by blowing on a whistle found in Captain Crunch cereal back in the day either.
No, and I guess her point and reason for sharing her sleuthing was to get him to close that account and open another one. It seems silly to me.
First thing to do when trying to find a twitter account: remove twitter.com from your firewall’s block list
Second thing to do when trying to find a twitter account: lobotomy
This does test the line between social morality and privacy somewhat.
I seems fine when it’s someone else that loosing their privacy and we have become accustomed to that because the “big data” sales people have convinced so many people to just accept that.
BUT … does being the “status quo” make *right* or even *acceptable* for peoples privacy to be invaded by other individuals because social media does the same *all* the time?
If you post it on social media it’s no longer private. Expect to be found. If you don’t want to be known on social media don’t use it. Simple as that.
Personally, I don’t use common social media. I use HAD.io which technically is social media but they allow me to control what personal data transacts unlike other forms of social media where you have to sign away you right to breath just to register.
My concern is not for me directly or for the many intelligent people that visit sites like this. My concern is about how the existence of sites that the people here would never register on, how that mere existence is eroding the privacy of *all* other people.
Things are still in flux, our understanding and regulation of these new social media have not kept up with the speed with which they are introduced and adopted. Also, you don’t really want your secretary of state to do business on her own email server, or your FBI chief to be sharing personal info in a way that could be easily compromised.
So… to me it’s Ok to probe, to figure out where the weaknesses are. If a well-intentioned hacker can get to Comey’s social media accounts, you can bet that the dark side can too.
Those “other” people are probably the ones protesting their loss of privacy ON social media lol. I find most of today’s social activists to be walking contradictions.
I’m with you as I thankfully grew up before it became ‘necessary’. Also one of the reasons I am so bad about documenting my projects lol. If I went missing today, my folks would have to give the cops a picture of me with braces and a Tony Hawk shirt. Yes, I am quite ugly.
as i see it anything you willingly put onto social media is information you have willingly surrendered for the explicit purpose of showing to others, not saying that that makes any and all breaches of privacy alright, but in the instances where the information was willingly surrendered i dont think it is a breach of privacy as such.
People who use facebook surrender their bio-metrics. I wonder how many of them understand what that means.
According to my bio-metrics, I graduated from Starfleet Academy in 2365.
I see where you are coming from I agree about it being social morality aspect. However on this one occasion since James Comey wanted Apple to build a tool to access iphones that were encrypted, So to me this was morally justified.
****the social morality aspect, not *being
Indeed. I don’t particularly like Comey, but to publish his personal accounts is a VERY low blow.
There’s invasion and invasion. I don’t think any locks were broke, it’s more like a labyrinth was negotiated. The difference between kicking his door in, and strolling past his family picnic that was in some obscure corner of a state park.
Not a hack – just basic detective-come-stalker skills. I’m all for a good challenge, but surely outing his private accounts is utterly spiteful?
Nope. Using IG’s ‘suggested friends’ list that pops up after sending a friend request to someone as a mechanism to infiltrate a locked down user profile is most certainly clever, and it’s definitely something that the Instagram developers didn’t intend it to be used for. That is the very definition of a hack, sir.
s/Not phased /Not fazed/
I.e.:
fazed: adj 1: caused to show discomposure; “refused to be fazed by the objections”
Phase refers to a time displacement between two or more cyclical waveforms of the same frequency.
Apropos the sleuthing, my sympathy for the victim is moderated by surprise at a male using social media.
?
Ha. Just because you found something… doesn’t mean you found what you were looking for.
Probably similar to how the Chinese got all our OPM data. “Hey, could we have access?” No problem!
This is a doxxing 101 article. Not impressed. Not the kind of thing Hackaday _should_ be known for. I’d rather read about hacks.
This is baby town frolics. This is computer forensics that a child should be able to do. For it to be “doxxing” there would have to be actual docs posted. And most of those are gleaned from public records anyway. It’s just having them all in one place that makes it dangerous.
While I do agree that I would rather read about hacks, the “Suggested” list that was exploited here is a legit hack I didn’t know about. The first day of “Doxxing 101” has an exercise in finding your target’s physical address from old employment records/IRS filings/phone numbers/newspaper articles/church directories/etc. Described above is only for the slowest students of the remedial class.
https://youtu.be/VmarNEsjpDI
Whooo…. You found a twitter account a man was using to have contact with his friends and family and now you quite possibly fucked that up for him. You go girl!
On a serious note, the friend suggestion trick was cool but I didn’t need a real live example to see it demonstrated.
I rather not see similar articles in the future.
What is this useless rubbish, bring back all the articles written by old farts who know real hacks and stuff worth knowing.
Wow, gawker is usually all about privacy unless it’s an old white guy.