Twitter Forensics: Rundown of the Evidence Around @RepWeiner’s Crotch Shot

What’s in a tweet? More data than you realize. Detectives in the media and political blogs have scoured the web for evidence to support or counter Anthony Weiner’s claim that he was the victim of a Twitter-jacking, which he initially called a “hack” but switched to calling a “prank.”

Was he or wasn’t he? The evidence:

1) How the photo was tweeted.

Rep. Weiner updates Twitter from a number of sources, including, the Twitter for Blackberry app and Tweetdeck, which all use the photo uploading service The crotch photo was uploaded to Rep. Weiner’s yfrog account, the contents of which he’s now erased.

We don’t have enough evidence to say what service–, Twitter for Blackberry or Tweetdeck, was used to send the tweet in question, but the fact that it was uploaded to yfrog is consistent with those apps as well as the representative’s past photo-appended tweets.

However, Yfrog “authenticates” with Twitter, so it doesn’t require a separate login. If a hacker had access to Rep Weiner’s Twitter account, he or she would be able to upload to yfrog automatically.

2) The photo “file.”

The alleged raw photo now circulating the internet is stamped as being taken with a Blackberry. A hacker would likely use a computer when breaking into an account, but could have taken the photo beforehand in order to lend veracity to the story.

3) The back-and-forth on Twitter.

Some have suggested that the fact that the tweet was only noticed by one of Rep. Weiner’s followers is suspicious and suggests it was never tweeted, and that screen captures of the tweet were doctored. But Twitter only shows you conversations between users you’re following, so only users following both parties would have seen the tweet.

One user, @patriotusa76, a Weiner-troll, had tweeted with the recipient before in the course of chastising the representative for following a lot of attractive girls on Twitter. The fact that they had a previous interaction suggests he might have been one of the few people following both parties–who else would be following a random girl in Seattle?–to whom Twitter would show the tweet. He also clearly keeps a close eye on the representative’s account, having tweeted at it 287 times. He retweeted the crotch at 11:34 p.m.

4) Rep. Weiner’s preceding and succeeding tweets.

The reference to Seattle in a previous tweet, as noticed by Mediaite, suggests a passive shout-out to the girl Rep. Weiner supposedly crotch-tweeted at.

The reference to having his Facebook hacked–which there is no evidence of now–is just confusing. But if Rep. Weiner used the same password for Twitter and Facebook, a hacker might have gained access to both at the same time.

5) It’s easy to accidentally publish a private message on Twitter.

Users can add “d” and the username of the recipient in front of the message in order to send it to only that person. It’s also very easy to forget to add the “d”–this happens pretty often on Twitter and is referred to as a “DM (direct message) fail.”

6) It’s also easy to break into a Twitter account–if the user has a simple password.

Back in 2009, a hacker gained access to several accounts, including Barack Obama’s, after running a program that tested every word in the dictionary until it found a Twitter support employee who had used the word “happiness” as her password.

7) Conclusion.

The hacker explanation requires many more assumptions–that someone out to get Rep. Weiner either was savvy enough to run a program that could guess his password or hired someone to do this; that the hacker was thoughtful enough to circulate a photo that had been taken with a Blackberry; that Rep. Weiner was able to regain access to his account before the hacker could change his password; and so on.–than the failed-private message explanation. Add Rep. Weiner’s dodginess with the press, and the case of the crotch controversy seems easy to dismiss as an instance of user error.


Twitter Forensics: Rundown of the Evidence Around @RepWeiner’s Crotch Shot