The Internet Archive rejects MSNBC host Joy Reid’s claim that her old blog was hacked

This story has been updated.

Sometimes the “I got hacked!” excuse just doesn’t cut it. That was MSNBC host Joy Ann Reid’s explanation for old blog posts containing homophobic statements that recently surfaced. She made the claim after Twitter user @Jamie_maz tweeted a series of screen shots of sections from Reid’s website, The Reid Report, found via the Wayback Machine–the Internet Archive’s tool for retrieving old web pages–since the links had since been removed.

Reid, in a statement to Mediaite (May 11, 2018), made a bizarre claim–not that the blog post screen shots themselves were fake, but instead that the text of the posts had been manipulated by an “unknown, external party” after the fact. Essentially, Reid was claiming that someone had hacked the Internet Archive to alter her posts to include these offensive statements.

But the Internet Archive says it found no evidence of such hacking. According to a new blog post: “When we reviewed the archives, we found nothing to indicate tampering or hacking of the Wayback Machine versions.” The post continues: “At least some of the examples of allegedly fraudulent posts provided to us had been archived at different dates and by different entities.”

The Internet Archive says Reid’s lawyers contacted the organization back in December, claiming that “fraudulent” text had been “inserted into legitimate content,” and asking the organization to take those posts offline. The organization refused that request, explaining that Reid’s attorneys had not provided enough information. After that, a robot.txt exclusion was introduced to her blog, which resulted in the archives being removed.

I reached out to Reid for comment and will update this post if I hear back.

Update:

A cybersecurity expert named Jonathan Nichols has provided a statement. In it, he says that his team “discovered that login information used to access [Reid’s] blog was available on the Dark Web and that fraudulent entries–featuring offensive statements–were entered with suspicious formatting and time stamps.”

He goes on to say that he contacted both the Internet Archive and Blogger.com to let them know the blog was compromised. “[W]e have significant evidence indicating that not only was Ms. Reid’s old blog compromised, some of the recently circulated posts were not even on the site at any time, suggesting that these instances may be the result of screenshot manipulation with the intent to tarnish Ms. Reid’s character,” he writes.

You can read the full statement below:

Five months ago, we found evidence Joy Reid’s now-defunct blog, The Reid Report, was breached after a review of suspicious activity.

We discovered that login information used to access the blog was available on the Dark Web and that fraudulent entries – featuring offensive statements – were entered with suspicious formatting and time stamps. The posts included hate speech targeting marginalized communities and Ms. Reid has been explicit in condemning them.

Some of the posts in question were made while Ms. Reid was on the radio hosting her show. Text and visual styling was inconsistent with her original entries.

In December, shortly after the review, Ms. Reid’s attorney wrote to archive.org and Blogger.com to advise them that the blog had been compromised, and that the pages appearing in the Wayback Machine archive included fraudulent posts.

The letters detail the evidence that many of the blog posts were made up, including the times posted (times when Ms. Reid hosted her radio show), unusual structure and anomalies within the posts and ghosting around images.

We also asked Blogger.com for forensic data such as time stamps, IP addresses, and User-Agent data which would help us to learn more about the posts and where the fraudulent poster might be located. Blogger.com told us the data was not available.

At no time has Ms. Reid claimed that the Wayback Machine was hacked, though early in our investigation, we were made aware of a breach at archive.org which may have correlated with the fraudulent blog posts we observed on their website. We simply wanted to ascertain whether that breach was related to the compromising of Ms. Reid’s blog.

Once our team determined that the two intrusions were unrelated, we merely attempted to have the fraudulent posts removed from archive.org. They refused this request.

However, we have significant evidence indicating that not only was Ms. Reid’s old blog compromised, some of the recently circulated posts were not even on the site at any time, suggesting that these instances may be the result of screenshot manipulation with the intent to tarnish Ms. Reid’s character. Oddly, there were no responses in the comments section of the entries, despite the inflammatory nature of the posts. If those posts were real, they would have undoubtedly elicited responses from Ms. Reid’s base. There was also no contemporaneous verification or memory from Ms. Reid’s peers or individuals she regularly debated online.

As a result we are continuing our own investigation and cooperating with federal law enforcement in their attempt to identify the source of this activity.

Respectfully,
Jonathan Nichols
Independent Security Consultant