The New York congressman has so far declined to ask for an investigation into the photo, saying it’s not a worthy use of government resources. The U.S. Capitol Police said it would not launch an investigation unless requested.
In asking a private security firm to investigate instead, Weiner won’t be able to prove his innocence by obtaining logs from Twitter showing where his account was accessed from. Twitter says it requires a subpoena or court order to hand over such information. A subpoena or court order would have to be initiated by police or the FBI, not private detectives.
The scandal, which erupted last weekend, has been fueled by Weiner’s initial refusal to answer questions about it. Although he started explaining his side Wednesday in a series of media interviews, some of his answers were perplexing.
Weiner was clear about one thing: He says he didn’t send the picture, which was addressed to one of his Twitter followers, identified by news outlets as Genette Cordova.
If he didn’t send it, that points to someone else using his account at Twitter or at yFrog, the photo-sharing site that stored the picture, according to conservative website BigGovernment.com, which first reported on the tweet.
Sites such as Twitter usually keep logs of which Internet addresses are used to access an account, sort of like an online guestbook. It doesn’t contain names, but these numerical Internet Protocol, or IP, addresses identify computers and phones.
Weiner was tweeting on Friday night, when the picture was posted. If the log book shows that the post with the picture came from a different address than the one associated with his legitimate, hockey-related tweets, that would strongly suggest Weiner’s innocence.
“Oftentimes, if there’s a situation where an account has been taken over, we can tell that the IP address has changed – it’s not the one we’d expect to find,” said Lt. Charles Cohen, head of the cybercrime investigations at the Indiana State Police.
One obstacle is that websites don’t have to keep logs of Internet addresses, and those that do keep them for differing amounts of time. Twitter and yFrog didn’t respond Thursday to questions about how long they keep Internet address information.
The editorial board of the Daily News of New York said it believes Weiner when he denies sending the photograph, but it said his refusal to let law enforcement investigate is suspicious.
If Weiner did send the message, the use of yFrog could explain why it was visible to others, instead of just Cordova. Twitter allows users to send a “direct message” that is visible only to the recipient, much like an email. Yfrog doesn’t offer that option. In a setup that could be confusing, it prompts users to send pictures to other Twitter users, but the resulting tweets aren’t private.
Weiner has been equivocal about whether the photo is of him, leaving open the possibility that he shot the picture and uploaded it to his yFrog, where a hacker found it and tweeted it.
An examination of Weiner’s computer or phone would probably show whether he shot the picture. It’s also possible that yFrog has a copy of the picture, even though Weiner said he deleted it Friday night. The photo file could contain data that identifies the camera. Again, if it doesn’t match Weiner’s camera, he would be in the clear.
If the investigation does point to a hacker, identifying the culprit could be challenging, depending on how well he or she covered her tracks. Logs from Twitter or yFrog could yield an Internet address, but computers and phones switch Internet addresses regularly. Someone accessing the account from a public hot spot or a prepaid cellphone would be virtually untraceable, Cohen said.
Cohen has investigated cases of public officials who have had their Facebook accounts hacked by people who apparently got hold of their passwords. That can happen if someone uses a public computer and forgets to log out afterward, he said.
It’s also possible a hacker could simply have guessed Weiner’s password, either to Twitter or yFrog.
Hackers can also gain access to Twitter and Facebook accounts through the wireless signals of people who log in while on a public, unencrypted hot spot, Cohen said.
This became drastically easier last fall, when a programmer released a software add-on for the popular Firefox browser that provides automatic access to Facebook and Twitter accounts of nearby people. The software requires little technical know-how. The add-on doesn’t expose passwords, but allows hackers to do whatever a user can do, such as post status updates, pictures and tweets.