The controversy dubbed “Weinergate” has not lacked for Woodwards and Bernsteins. Ever since someone posted an image of an underwear-clad erection from New York Rep. Anthony Weiner’s Twitter account late Friday night, online sleuths have examined everything from the trail of retweets to photo metadata to the relationship or lack thereof between Weiner and the 21-year-old Seattle woman to whom the message was directed. Yet for all the forensics, the jury is still out.
Weiner hasn’t done much to settle the issue. Right after the photo went up, he (or someone in his office) removed the tweet and erased his account on Yfrog, the photo service used to post the picture. Weiner made light of the incident in a follow-up tweet: “Tivo shot. FB hacked. Is my blender gonna attack me next? #TheToasterIsVeryLoyal.” But the questions kept coming: Why hadn’t he reported the incident to law enforcement? Did he know the woman, Gennette Cordova? How could someone hijack his account? On Tuesday, he held a press conference where he refused to say whether the photo depicted him or whether he posted it. On Wednesday, he told NBC he couldn’t say “with certitude” that it’s not him in the picture. He now says he’s hired a private security firm to investigate the incident.
Until that investigation is complete, we’ll have to rely on the evidence that’s public, for and against Weiner.
First, Weiner’s side. According to Weiner’s spokesman, the congressman got an email a week earlier warning him that his Facebook account had been hacked, but no one did anything about it. Skeptics might read “someone hacked my Facebook” as the new “my dog ate my homework.” Not so fast, say cybersecurity experts: It’s easy to hack into someone’s Twitter or Facebook account. “It could certainly plausibly happen,” says Dave Marcus, director of security research and communications at McAfee.
One method would be to simply guess someone’s password, which is a lot easier than you’d expect. If that doesn’t work, you could use a “password cracker,” a program that cycles rapidly through millions of different passwords, which can take as little as a few minutes. A hacker could also conduct a basic phishing scam by getting Weiner to click on a link that would download malicious password-tracking software onto his machine. Even just being on the same Wi-Fi network as Weiner would be enough to hijack his account.
Twitter and political forensics back up Weiner’s story. The metadata in the photo don’t match up with the data of other photos he has posted on Yfrog, supporting the argument that someone other than Weiner put it up. Plus, if he indeed meant to send the pic, it’s hard to imagine him accidentally hitting “@” instead of “d”—the Twitter command for sending a direct message. From a political standpoint, the person who discovered and retweeted Weiner’s photo just happens to be Dan Wolfe, a conservative who is obsessed with Weiner’s Twitter relationship with young women and who earlier in May had promised “sex-scandal pics of a ‘big time’ Congressman.” Why would he, of all people, be the first to spot it? (One possible answer: Tweets that begin with @ are seen only by the sender, the recipient, and any user who follows both. Wolfe, because of his interest in the females Weiner followed on Twitter, is probably one of the few who fit the bill.) Also in Weiner’s favor: The woman to whom the photo was directed released a statement over the weekend saying the deleted tweet never reached her and that she’s never met Weiner.
Yet circumstantial evidence raises questions about Weiner’s account. He says he was live-tweeting a hockey game when the offending photo was posted. In fact, his Twitter feed shows that he began tweeting about the game only after the photo was posted. At 8 p.m. on Friday evening, Weiner tweeted, “Heading to 30 Rock to chat with Rachel [Maddow] at 9. #Thats545InSeattleIThink.” Why would Weiner’s followers care what time Maddow aired in Seattle—except Cordova, who lives there?
Weiner’s denials have been anything but categorical. At first he said his account was hacked but refused to answer questions about the photo. Then on Wednesday he said he didn’t send the picture but couldn’t be sure it wasn’t him in it. He told Wolf Blitzer on CNN that the photo “certainly doesn’t look familiar to me,” as if it were a snapshot of a long-lost cousin.
An official investigation would clear all this up. A law enforcement agency could subpoena Twitter or Yfrog for the IP address from which the photo and tweet were posted. If that IP address pointed to a machine other than Weiner’s, case closed. Or, if Weiner would rather avoid the hassle, he could always just drop trou.