The basic opsec failures that unmasked James Comey's Twitter show how hard this stuff is


#1

Originally published at: http://boingboing.net/2017/03/31/federal-eggs.html


#2

It’s not @ReinholdNiebuhr, it’s @projectexile7. Reinhold Niebuhr is the name he’s given the account.

ETA, via @tekna2007:


#3

@doctorow, what daneel said. ^


#4

I am still unclear how it is insecure, much less doxxing, for people to know about a Twitter account.

But this account obviously existed to let Comey blow off steam, so it inevitably would have some links to his real identity

And why assume that Comey has a real identity? Maybe having numerous parallel identities is simply how they function.


#5

I found the article really interesting as a case study in how doxxing works, but to be charitable I don’t know if this counts as “opsec failure” from the point of view of the director of the FBI. FBI opsec for maintaining anonymity probably involves burner hardware and all sorts of fun tunnelling and proxying and I don’t know what else. Using that apparatus for a twitter account “to blow off steam” would be an opsec failure, especially when “just assume it’ll get found out and don’t say anything too stupid” is sufficient.


#6

To be fair, Comey is FBI aka glorified cop.He is not CIA or a member of any other clandestine spying organization. I wouldn’t expect his ‘secret identity’ to be very secret.


#7

Do any of us really have a real identity? #makeYouThink


#8

Real or actual?


#9

The FBI has primary responsibility over domestic counterintelligence.


#10

What’s the point of having a “secret” twitter account with one follower?

I’ve long felt that Twitter was a bunch of people talking, with nobody listening. Comey only exemplifies that perspective.


#11

Anyone liking that comment missed the point :slight_smile:


#12

A lot of people use Twitter as a sort of low-rent news aggregator. You post nothing, you get no followers except for spambots, but you follow 20-30 people or news organizations. That seems to be what Comey was doing.


#13

Absolutely. I know some people in Law Enforcement who work with the cyber. Its all milk-crates of hard drives, beater laptops, burner cell phones. Loaded up with TOR multiple VPNs, and assorted weird forensics and security software. But the rule of thumb is also that they absolutely can not have any sort of social media presence. I’ve been curious about Comey’s comment that he “(has) to be on twitter now”. Assuming the account is his. And the accounts that it was following looks like some sort of PR monitoring.


#14

It makes sense in that Comey is in a public facing position.


#15

I use it that way too - or at least I did until I was forced through work to become more active. I have a hard time motivating myself to participate…


#16

When it first made the scene, my older brother was an early adherent; I innocently (?) asked him if people who used Twitter were “Twits”.

Why is it okay for an older sibling to be a jerk to a younger one (gender doesn’t really matter), but no vice-versa, LOL?


#17

I can’t really answer that, since I’m the older sibling. :slight_smile:


#18

Sometimes gender matters. Ask anyone with a kid brother. Particularly one named Jason.


#19

If it had anything to do with Comey being a public figure. It would be The Official James ComeyTM twitter handle. Its a bit weird that he “needs” a private, publicly unacknowledged twitter account. And one that only seems to follow media Orgs.


#20