I will admit that watching various parts of the US government ‘go rogue’ is amusing to me. And so it was yesterday that @WhiteHouseLeak, a mid level staffer ran amok, tweeting about the chaos apparently unfolding within. The Daily Kos suggests:

It is impossible to know if the leaker shuttered the account himself or was outed

I on the other hand disagree. If this very, very poor man’s Snowden wasn’t yet tracked down in person, then it was going to be easy to trace them online.

Get the email hint

First of all, you have to ‘forget’ your login details for Twitter and submit your user name, in this case @WhiteHouseLeak:

Interesting enough, this flaw in Twitter was doing the round the other day as people were criticising Trump for using his gmail address with @POTUS. I was especially annoyed by this making the news, because I have disclosed this issue to Facebook, Instagram and Twitter back in May and I continue to extract all sorts of interesting email addresses. I also have it on good authority that many journalists and other investigative people constantly exploit this email leak, not to mention the hackers who do so as the first step towards a complete account take over.

Work out the full email

Anyhow, once you have the email in question, you can attempt to guess it. Most conventionally formatted emails can be guessed, firstname.lastname, firstnamelastnamebirthyear etc or follow other human-predictable patterns. You feed your guesses back into Twitter and if you’re right, you’ll have it confirmed as registered. If you need more than 10 attempts, rotate a Tor identity and continue unmolested. All of this without sending the user a single notification.

wh**************@gmail.com

[email protected] <- winner!

Attack the email provider

Now with this email in hand we can go to Gmail where we have ‘forgotten’ our password:

Oh no, the account’s deleted! Wait, what’s that, I can attempt to restore it?

Google will hit us with some softball questions at first, well obviously this was created this month!

Ultimately, if you come in from a ‘clean’ enough IP (no, not Tor exit nodes ;) ) you’ll be given the best tip of all, the recovery phone:

And that’s where we leave it! Assuming that White House HR department has semi-complete database of staff corporate and personal phones, they need simply need to check for all the staff members who’s number ends in ‘04’ and are a mid level staffer and they’ve got their leak.

I’m making the assumption that this leaker didn’t think things through enough to think their phone number hint would be revealed or even their email.

Still, I believe this is a nice case study of:

Why your email address is private not public!

How email ‘hints’ and phone number ‘hints’ can completely deanonymise people.

Social media giants, stop revealing this information so easily! Email addresses are not necessarily public! Your phone number, even a part of it is personally identifying, stop disclosing it! Remember, the US government literally kill people based on meta data.

@WhitehouseLeaks (plural) claims to be the successor account from the same person. However a more legit looking @TrumpAdminLeaks alleges that was just a copycat.