Subject knew story was coming because reporter visited their website


This is the first documented case that I am aware of where the subject of an investigation was tipped off because they saw a news organization's IP in their web server logs.

"... the Environmental Technology Company had said that The New York Times had been on [the
Company’s] Web site like 12 times that day -- or that week. He thought -- and maybe because
of, you know, them wanting to do a story about water purification, I just have a feeling it might
be this reporter snooping around, trying to build a story.”

We always knew this was a theoretical risk, but it's useful to see the threat actualize. This suggests to me that VPN (or Tor) should be standard during investigations, especially if you're going to go to a site repeatedly.

h/t Runa Sandvik for bringing this to my attention

  • Jonathan


I've seen it happen a few times when specific NGOs and media organisations had custom fonts loaded into their browsers that were fingerprinted by people they didn't want to know they were investigating. Also a few organisations do this type of activity when matching IP logs on their sites.


Very sophisticated. Do you have any documentation of these examples that you can share?


Unfortunately not that I could speak about.

I'm swamped at the moment but if I get time in the next few weeks will try to write a short strategic bit about it.