How a New York Times journalist exposed an IP address and tipped off a major investigation
Journalists sometimes need to work under a veil of anonymity, and in the 21st century, that often means visiting websites without anyone knowing that a major investigation is underway. It’s not always easy.
One newly reexamined court document shows that the subject of a New York Times investigation was tipped off because the news organization’s IP repeatedly showed up in the subject’s web server logs — a clear sign that something was up.
The revelation comes from a 2015 document in the federal corruption case against former New York state Sen. Dean Skelos as well as his son, Adam.
As news media investigated the case, a federal informant testified that the son was tipped off to a New York Times inquiry when IP addresses from the Times’ office showed up in web server logs.
“Like I’m nervous about — okay, so there’s some reporter that — from the New York Times that might be putting together a story regarding like real estate,” he said, according to the confidential informant’s testimony.
Dean Skelos, who was accused of using his power for the benefit of the Arizona environmental tech company AbTech, was told that a senior executive at the company saw “that The New York Times had been on [the Company’s] Web site like 12 times that day — or that week. He thought — and maybe because of, you know, them wanting to do a story about water purification, I just have a feeling it might be this reporter snooping around, trying to build a story.”
The issue of reporters exposing their identity has been raised for years, most notably in 2014 when the Freedom of the Press Foundation and former ACLU technologist Chris Soghoian reported that “several major US news organizations, including NBC, Reuters, The Associated Press, USA Today/Gannett and CBS Interactive all leak their identity via the IP addresses assigned to journalists’ computers.”
Despite complaints from reporters, the issue had reportedly been ignored by IT departments.
Runa Sandvik, who has been the director of information security at the Times since 2016, said the issue highlights why virtual private networks (VPNs) and tools like Tor that can obfuscate or even anonymize your identity are necessary tools for any journalist in 2017.
Rory Byrne, co-founder at the human rights organization Security First, noted similar problems in his field. In addition to sometimes revealing their IP addresses exactly the same way this Times reporter did, non-governmental organizations have been identified by custom fonts loaded into their browsers that allows for fingerprinting and tracking.