An embattled CNN reporter might have used a phishing tactic to gather private information in an attempt to unmask anonymous tipsters.
Andrew Kaczynski, a former Buzzfeed contributor and current host of CNN’s KFile, has been incriminated in another attempt to reveal the identity of online sources.
By seeming to plant foreign web bugs into personal emails, a common phishing tactic used to determine IP address, location, and other identifying information, new questions have been raised regarding ethical practices inside the troubled fake news network.
A recent email exchange with an anonymous conservative group has been obtained by Media Equalizer. In the discussion, Kaczynski feigns interest in a scoop that’s being offered.
At one point, he attempts to sneak a web bug into the conversation, with the apparent goal of luring the recipient into clicking the link. Doing so would give Kaczynski the IP address, location, and other metadata included in the email recipient’s account.
After the web was set ablaze this week by Trump’s tweet featuring an old WWE video, an investigation into who created the memed video followed.
Kaczynski claims he discovered the identity of the online Reddit user who created the animated GIF by, as he says in his own report, “determin[ing] key biographical details, to find the man’s name using a Facebook search and ultimately corroborate details he had made available on Reddit.”
However, he does not state whether those details were made available voluntarily.
Kaczynski issued a now-infamous statement accepting the apology of the original creator of the video. After the anonymous man agreed to stop being “offensive” on Reddit, Kaczynski magnanimously offered not to reveal who he was — but that “CNN reserves the right to publish his identity should any of that change.”
Now, he’s done it again.
Media Equalizer explains:
The web bug that Kaczynski uses, MailTrack.io, is based in Spain and seems inoccuous enough. It is advertised as a way for email marketers and business professionals to track whether emails are being opened.
Much like the tools available in MailChimp or Constant Contact, it reports when an email was opened, who opened it, how many times it was opened, which links were clicked, and the like.
What it also does is provide the IP address, location, computer used, time when the link was clicked, operating system and browser, and cookie information.
All the email recipient has to do is click on the link, not suspecting that it redirects to another website that gathers all this information in a flash.
Phishers can use this information to narrow down possible identities, and can use social media searches to fill in the blanks.
Both CNN and Kaczynski responded to Media Equalizer’s request for comment, claiming, as expected, that it’s false. Kaczynski said, “Mailtrack.io does not tell ip address or location. You need to correct this as soon as possible.”
However, an online review of MailTrack said: “It’s a little weird and intrusive that you cannot switch tracking off under a free account. Not only does this raise potential personal privacy concerns, it could also be a problem if you need to send email to someone who uses email through a network or service that blocks tracked emails or flags them as spam.”
Jeff Reynolds, the writer of the original story from Media Equalizer, also added a personal note saying that “within five minutes of sending the email to Kaczynski asking for comment, my anti-virus software reported a malicious attack of high severity on my computer that it blocked. I haven’t had that happen in months. I have no idea where this attack originated, but it sure was strange timing.”
Maybe Kaczynski is a serial doxxer, maybe he isn’t. What do you think? Sound off in the comments below!