Joy Reid Blames Hackers, Just Like Everyone Else

Credit to Author: Louise Matsakis| Date: Fri, 27 Apr 2018 15:21:35 +0000

This week, MSNBC host Joy Reid has found herself embroiled in a familiar controversy. Twitter user @Jamie_Maz—for the second time—surfaced a number of homophobic posts, from the early aughts, on Reid's now defunct blog, the Reid Report. In response, Reid has turned to a recognizable scapegoat: hackers.

Reid isn't the first public figure to blame hackers for her alleged misdeeds online. Numerous celebrities and politicians have accused hackers of breaching their websites and accounts for years. It's an alluring explanation, in part because plenty of websites and organizations have suffered genuine breaches. And the general public still largely views hackers as nefarious, all-powerful cyberghosts who can reach into your computer and cause your Twitter account to retweet hardcore porn at any time.

To be clear up front, it's absolutely possible—if not entirely plausible—that Reid and some of the others below really were hacked. That's partly why the hacking excuse provides such good cover; it's a difficult crime to trace, and can be difficult to fully rule out in many cases, especially if forensic evidence has been destroyed. With that caveat aside, here are some of the best moments of hacker-blaming history.

Let's start with Reid, who claims that attackers not only breached her blog, but also the nonprofit Internet Archive, which maintains the Wayback Machine, a database that automatically preserves millions of web pages to keep them from being lost to history. They did so, Reid says, to insert multiple posts that say things like "adult gay men tend to be attracted to very young, post-pubescent types."

"In December I learned that an unknown, external party accessed and manipulated material from my now-defunct blog, The Reid Report, to include offensive and hateful references that are fabricated and run counter to my personal beliefs and ideology," Reid said in a statement provided by her employer, NBCUniversal. She also said she has worked with a cybersecurity expert, Jonathan Nichols, who said in a separate statement that credentials for the Reid Report were found on the dark web. Nichols said that while investigating Reid's blog, he reached out to the Internet Archive to have the posts removed, because they were fraudulent. The Internet Archive says it didn't have enough evidence to take them down.

'There is a near zero-chance that the claims of hacking are credible.'

Jake Williams, Rendition Infosec

"When we reviewed the archives, we found nothing to indicate tampering or hacking of the Wayback Machine versions. At least some of the examples of allegedly fraudulent posts provided to us had been archived at different dates and by different entities," the organization's Chris Butler said in a blog post. "We are unaware of anyone corrupting what we have captured, or when it was captured," Mark Graham, the director of the Wayback Machine project at the Internet Archive, said in an email.

After the Internet Archive refused to take down the posts, Reid or someone on her team ran an exclusion script on her blog, which automatically stops the Wayback Machine from archiving a site. The archives of her blog are now unavailable.

"I assess there is a near zero-chance that the claims of hacking are credible," says Jake Williams, a former National Security Agency hacker and founder of the firm Rendition Infosec. "The Internet Archive has these posts archived from multiple different nodes over a multiple-year period. While I have little doubt that Joy Reid's credentials have probably been leaked and are probably available on the dark web, this fact does not mean that she was hacked." Williams further suggests that had someone actually accessed Reid's blog, they would have probably posted something far more inflammatory than they did.

"We talk about the intersection of intent, opportunity, and capability. This attack makes no sense in the intent or capability categories. If you have the intent to harm Joy Reid, given the capabilities you must possess to modify the Internet Archive, you can do far worse," says Williams.

Reid's lawyer, John H. Reichman, said in a statement Wednesday that the FBI was now looking into the matter. The agency said it could not confirm nor deny whether an investigation exists.

The hacker excuse is an older pastime than you might realize, and deployed by more than just politicians and pundits.

In 2005 for example, video game developer Rockstar North released the PC version of Grand Theft Auto: San Andreas. Users soon discovered that the title contained a normally inaccessible mini-game that could be played by installing what became known as the "Hot Coffee" modification. The mini-game was sexually explicit, and involved the game's main character having sex with his girlfriend. Hundreds of thousands of players downloaded it.

A scandal soon erupted. Lawmakers were concerned over the game's sexually explicit content, and then-senator Hillary Clinton even urged federal regulators to investigate the game. Rockstar denied that it created the sexual mini-game, and initially blamed nameless hackers "who have gone to significant trouble to alter scenes in the official version of the game."

Later, Corey Wade, a product manager at Rockstar, admitted that blaming hackers was a public relations screw-up and a lie. The Entertainment Software Rating Board ultimately changed the rating of the game from Mature to Adults Only 18+. Walmart, Target, Best Buy, and Circuit City all removed the game from their shelves.

In 2011, an alleged college student in Seattle received a photo of a man with an erection wearing gray boxer-brief underwear. It had come from the Twitter and yfrog (a defunct image-hosting site) accounts of then-New York congressman Anthony Weiner. The photo was soon leaked to conservative news site BigGovernment.com, run by Andrew Breitbart. At first, Weiner denied that the photo, which didn't include a face, was him. Instead, he alleged mysterious hackers had accessed his accounts.

"The weiner gags never get old I guess," he told Politico at the time, adding that he thought it was "obvious" that his accounts had been breached. Just over a month later, Weiner admitted his claim that a hacker had sent the lewd photo was a lie. He also confessed to carrying out a series of inappropriate relationships with various women he'd met online.

Last year, Weiner pleaded guilty to transferring obscene material to another woman, who was a minor at the time. He was sentenced to 21 months in prison, ordered to pay a $10,000 fine, and required to register as a sex offender.

Also in 2011, a social-media manager at Chrysler was having a bad day. To take the edge off, they tweeted from the official Chrysler account about the perceived poor driving skills of the people of Detroit. "I find it ironic that Detroit is known as the #motorcity and yet no one here knows how to fucking drive," they wrote. It couldn't have come at a worse time—the car company was in the midst of a marketing campaign focused on celebrating Detroit. Chrysler promptly removed the tweet, and said that its account had been "compromised," as one does.

Chrysler later admitted that the tweet had been posted by an employee from New Media Strategies, a marketing firm employed by the car manufacturer. The employee posted the tweet after a bad commute to work, and was promptly fired. Two years later, Jeep, which is owned by the same company as Chrysler, really did have its Twitter account breached.

In February, the Office of Inspector General released a scathing report, which found then-secretary of veterans affairs David J. Shulkin had spent much of a lavish trip to Europe sightseeing with his wife. The report alleges that to justify the government paying for his wife's over $4,300 in airfare costs, Shulkin's chief of staff Vivieca Wright Simpson doctored an email to indicate the couple had been invited to an honorary dinner in Denmark to accept an award, which they had not.

In response, Shulkin suggested that Wright Simpson's email had been hacked and that someone was sending messages in her name. "We have seen that somebody is impersonating her, and we have to fully investigate that to make sure that we follow the processes," Shulkin told reporters in February.

The the OIG later concluded that there was no evidence to support the claim that her inbox had been hacked externally. President Trump removed Shulkin from his position at the Department of Veterans Affairs in March. Wright Simpson retired two days after the report was released.

CBS Sports host James Brown too claimed his Twitter account was "hacked" last year, after tweeting out a link to hardcore porn to his over 30,000 followers.

“Obviously my account has been hacked!!!” the 66-year-old broadcaster then said on Twitter, according to The New York Post. Brown appears to have since deleted the original lewd tweet, as well as his explanation of the incident.

Brown is far from the only person to cry hackers after accidentally tweeting out porn. In 2014 for example, Missouri state representative Mark Parkinson tweeted a photo of an exaggeratedly large penis penis captioned "ALWAYS that problem in the morning…" He too blamed hackers for the incident, though it's not clear how the image ended up on his Twitter profile.

https://twitter.com/markparkinson/status/478637778859614208

Brown and Parkinson are far from alone. And porn is far from the only offending content that hackers get blamed for.

Earlier this month, Don Cardy, a small town councillor in Canada, was suspended for two days after a racial slur was posted on his Facebook profile. Cardy claimed that hackers had done it, and promptly deleted his Facebook account and wiped his hard drive.

A similar excuse was drummed up by University of Sydney poetry professor Barry Spurr in 2014, whose email account was found to have sent numerous racist emails. In an interview with Weekend Australian, Spurr said his inbox had been "illegitimately accessed." He later resigned.

Again, it's entirely possible that some of these accounts were genuinely breached, or accessed by associates without their knowledge. We'll likely never know exactly what happened—which is what makes hackers such an appealing scapegoat in the first place.

https://www.wired.com/category/security/feed/