The basic opsec failures that unmasked James Comey's Twitter show how hard this stuff is

Gizmodo's Ashley Feinberg (almost certainly) figured out that James Comey's secret Twitter handle was @projectexile7, because America's top G-man failed at some of the most basic elements of operational security.

Comey's mistakes are simple and devastatingly compromising: he used the same handle in more than one place, he tweeted links that were all about James Comey, he told at least one friend which account was his and let that friend follow him, he named his account after a philosopher he wrote his senior thesis on, he publicly mentioned that he had a secret Twitter account and disclosed the number of followers it had — and his son also leaked some info.

As Joseph Cox explains, if you're going to maintain an anonymous alter-ego online, it's very important that your alter-ego never express interests or make references to things that your non-secret identity is interested in, and that you never tell anyone about it.

But this account obviously existed to let Comey blow off steam, so it inevitably would have some links to his real identity; what's more, Comey's identity recycling (the same handle on Instagram and Twitter) is such a common sin that it almost seems hardwired into us.


If America's top G-Man can't get this stuff right, it tells you that it's pretty danged hard.

There is only one person currently following the account: Benjamin Wittes of Lawfare. Wittes is no Twitter neophyte. He is an active user with more than 25,000 followers, and he only follows 1,178 accounts—meaning he is not a subscriber to the "followback" philosophy. If he is following a random egg—and is the only account following it—there is probably a reason.

That reason could be the fact that, as Wittes wrote here, he is a personal friend of James Comey. (We've reached out to Wittes for comment but have yet to hear back.)

Project Exile happens to be a federal program that James Comey helped develop when he was a U.S. attorney living in Richmond. And then, of course, there are the follows.

ProjectExile7 follows 27 other accounts, the majority of which are either reporters, news outlets, or official government and law enforcement accounts. The New York Times' Adam Goldman and David Sanger and the Washington Post's Ellen Nakashima and David Ignatius, all of whom have been aggressively covering the FBI investigation into Trump's contacts with Russian agents, made the list, as did Wittes and former Bush Administration colleague Jack Goldsmith. Donald Trump is on there, too, but @projectexile7 seems to have begun following him relatively recently (its first follow was @nytimes).

Here's How Not to Get Doxed Like FBI Director Comey
[Joseph Cox/Motherboard]

This Is Almost Certainly James Comey's Twitter Account
[Ashley Feinberg/Gizmodo]