Anthony Weiner Twitter Photo May Have Posted Via Security Loophole

Jun 2, 2011 5:07pm

ABC News’ Devin Dwyer (@devindwyer) reports:    Did a security loophole allow easy posting to Rep. Anthony Weiner’s Twitter account without actually having to log-in as him?  That’s a theory that has been circulating widely online today. And Weiner’s defenders say it explains how a photo of a bulging male crotch area appeared on the congressman's Twitter feed Friday night without his knowledge. "I did not send that photo. My system was hacked. I was pranked," Weiner told ABC News Wednesday.  Screen grabs of Weiner’s Twitter page show the lewd image appeared in a posting via the photo sharing service yfrog.com, which is linked to Twitter.  Several technology experts and bloggers have pointed out that one way to get a photo quickly posted to yfrog and Twitter is by sending the photo to a special email address associated with the accounts.   In theory, someone who simply knew Weiner’s yfrog email address could have emailed the photo, which in turn would have been simultaneously uploaded to both his yfrog and Twitter accounts — all without ever being prompted for a password or permission.  The blog Cannonfire tried it out and took screen grabs to demonstrate HERE.  We tried to replicate the process ourselves, but it turns out yfrog has disabled email posting service — a sign that some say suggests the company has identified a security problem.  “Even though our email upload feature has not been compromised or broken into, we are taking this opportunity to evaluate the feature and secure it even further,” the company explained in a statement. Skeptics of the theory say Weiner’s unique yfrog address could only have been known by someone close to Weiner, or that it could have been used by Weiner himself.  They also point out the theory fails to resolve whether Weiner is the subject in the photo.  "I'm reluctant to say anything definitively about this because I don't know to what extent our system was hacked," Weiner said when pressed to answer whether or not the man in gray boxer briefs is him.  The congressman’s evasiveness on questions about the identity of the man in the photo — and his decision not to notify authorities of the alleged “hack” — have fueled speculation about his behavior.  “The much more common path would be to turn this over to the FBI or get a court order to get the IP address records for the website, something that would be quite simple,” said Orin Kerr, a George Washington University law professor who specializes in cyber law. “He’s going to be paying $600 an hour to have something done the police would basically do for free," he said. "So, it’s a curious decision if the hack is real.” Nick Akerman, an attorney who specializes in computer fraud cases with the law firm Dorsey & Whitney, said an illegal "hack" could be any unauthorized access of Weiner’s account, regardless of means. But prosecution of such a violation, he said, can only be undertaken by federal authorities — not by an individual and his or her civilian attorney.   Weiner’s retention of a lawyer is “a way of deflecting attention so they can say they have somebody looking into it without bringing in the authorities,” said Akerman.   “If someone hacked into the site it would be a violation of the federal Computer Fraud and Abuse Act,” he said. “On the other hand, if it really was his picture, why would you want to have a federal investigation into that and have all these facts come out in public?”    This post was updated to include a statement from Yfrog at 6:50 p.m. ET. 

You are using an outdated version of Internet Explorer. Please click here to upgrade your browser in order to comment.
blog comments powered by Disqus