Subject knew story was coming because reporter visited their website

jonathanstray · 2017-02-13 22:32:24 UTC

This is the first documented case that I am aware of where the subject of an investigation was tipped off because they saw a news organization's IP in their web server logs.

"... the Environmental Technology Company had said that The New York Times had been on [the
Company’s] Web site like 12 times that day -- or that week. He thought -- and maybe because
of, you know, them wanting to do a story about water purification, I just have a feeling it might
be this reporter snooping around, trying to build a story.”

http://nylawyer.nylj.com/adgifs/decisions15/111615evidence.pdf

We always knew this was a theoretical risk, but it's useful to see the threat actualize. This suggests to me that VPN (or Tor) should be standard during investigations, especially if you're going to go to a site repeatedly.

h/t Runa Sandvik for bringing this to my attention

Jonathan

rorybyrne · 2017-02-13 23:05:56 UTC

I've seen it happen a few times when specific NGOs and media organisations had custom fonts loaded into their browsers that were fingerprinted by people they didn't want to know they were investigating. Also a few organisations do this type of activity when matching IP logs on their sites.

jonathanstray · 2017-02-13 23:39:02 UTC

Very sophisticated. Do you have any documentation of these examples that you can share?

rorybyrne · 2017-02-14 00:18:49 UTC

Unfortunately not that I could speak about.

I'm swamped at the moment but if I get time in the next few weeks will try to write a short strategic bit about it.