‘Significant Evidence’

Claims by Joy Reid’s Cybersecurity Expert Fall Apart

The Daily Beast investigated the MSNBC host’s claims that someone hacked her old blogs to make her appear homophobic and found that the evidence provided crumbles under scrutiny.

MSNBC host Joy Reid claims that recently unearthed homophobic articles attributed to her are fakes. And she says a cybersecurity consultant has proof that her old blog has been hacked.

But that consultant, Jonathan Nichols, had trouble producing the promised evidence. And what he did produce failed to withstand scrutiny, according to a Daily Beast analysis. Blog posts that Nichols claimed do not appear on the Internet Archive are, in fact, there. The indicators of hacked posts don’t bear out.

Last year, the AM Joy host apologized for a 2007 blog post in which she had mocked Florida’s then-Republican Gov. Charlie Crist by referring to him as “Miss Charlie” and suggested that while on honeymoon with his wife, he secretly wanted to sleep with men.

Reid apologized on-air, suggesting she had evolved over a decade from those “insensitive, tone-deaf and dumb” remarks.

But Monday, media-news site Mediaite published—using screenshots taken from The Wayback Machine’s cached versions of Reid’s blog—more homophobic blog posts from the late aughts. In them, Reid appeared to crassly mock gay celebrities like Anderson Cooper and Clay Aiken, defend homophobia as “intrinsic” to straight people, declare that she wouldn’t see Brokeback Mountain because of the gay sex scenes, and imply that gay advocacy groups prey upon “impressionable teens.” On Thursday, the Washington Free Beacon followed up by revealing another set of homophobic posts not previously reported by Mediaite.

Reid—a Daily Beast columnist—did not apologize this time around. Instead, she released a statement saying that “In December I learned that an unknown, external party accessed and manipulated material from my now-defunct blog… to include offensive and hateful references that are fabricated and run counter to my personal beliefs and ideology.”

On Wednesday evening, Reid’s attorney announced that the FBI had opened an investigation into “potential criminal activities surrounding several online accounts, including personal email and blog accounts, belonging to Joy-Ann Reid.”

Reid said she hired Nichols, the cybersecurity consultant, to investigate the alleged hacking of her “compromised” old blog. In a letter distributed by MSNBC, Nichols claimed he found “significant evidence” that a hacker breached Reid’s blog and planted the offensive posts. “Some of the posts in question were made while Ms. Reid was on the radio hosting her show,” Nichols wrote. “Text and visual styling was inconsistent with her original entries.” Additionally, he claimed that at least some of the screenshots distributed by the @Jamie_Maz Twitter account, where the posts were first surfaced this week, had been faked and never appeared on the blog at all—suggesting a two-pronged attack on Reid’s reputation.

“We have both evidence of fraudulent posts and evidence of screenshot manipulation,” Nichols told The Daily Beast on Wednesday.

Except, that wasn’t quite so.

To support the screenshot forgery allegation, Nichols pointed to six images in the @Jamie_Maz Twitter timeline that he said were definitely not written by Reid nor posted by a hacker, but instead were outright fabricated images of posts that never appeared on the site. “The most obvious one was an instance where—it’s an easy one, it’ll stick in your head— [@Jamie_Maz] says Joy made statements about Eddie Murphy. It’s obviously false, she never made that claim.”

Nichols said those six posts are nowhere to be found in the Internet Archive. But that is not true.

Get The Beast In Your Inbox!

Daily Digest

Start and finish your day with the top stories from The Daily Beast.

Cheat Sheet

A speedy, smart summary of all the news you need to know (and nothing you don't).

By clicking “Subscribe,” you agree to have read the Terms of Use and Privacy Policy
Thank You!
You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason.

Further searching on the Internet Archive turned up the posts for all six of the screenshots Nichols described as fakes, including the one about Eddie Murphy. The Internet Archive’s records indicate they were retrieved and stored between 2006 and 2009. And all six are exactly as they appear in the screenshots. A random check of other screenshots attributed to the blog produced the same result: None of the images are faked or doctored.

A closer look at the archived blog by The Daily Beast revealed an error in Nichols’ methodology. Nichols examined the content tags visible in the screenshots and compared them to an archived list of all the labels that were actually used on the blog. He found that the tags “Gallup,” “gay and lesbian,” and “Dan Abrams” in three of the six screenshots did not appear in the catalog of labels.

Based on that evidence, Nichols had concluded that the screenshots could not be genuine. But in fact the tags in question were not Blogger.com labels, but rather tags linking to Technorati.com, a long-defunct blog-tracking site completely external to Reid’s blog publishing host site. Reid made an apples-to-oranges comparison and concluded that because the apples were not oranges, they must be fake.

Presented with that information on Thursday, Nichols acknowledged his error. “Yeah I’ve become aware of some methodology issues,” he wrote in an online chat. “We are looking to resolve the discrepancy.”

If, as it appears, the approximately 50 newly surfaced posts indeed appeared on Reid’s blog, that leaves Reid’s claim that they were posted by an imposter. To that point, Nichols’ said passwords used by Reid had been found in the wild on the dark web, where a hacker with a grudge against the MSNBC host might have found them.

A search on the breach-notification site Have I Been Pwned confirmed this: Reid’s email address, like millions of others, has turned up in batches of hacked and phished accounts over the years—eight batches in all, some of which contain user passwords. While six of the leaks postdate the disputed blog posts, the remaining two are of uncertain origin and timing. If Reid used the same password on Blogger and one of the websites that suffered a password leak, it’s conceivable that someone found it and used it to log into her blog back in 2005.

But Nichols could not provide any evidence suggesting this had occurred.

As described by Nichols, the conclusion that a hacker was posting on Reid’s blog rests primarily on two types of forensic clues within the disputed posts. First, he said, some of the allegedly planted posts contain punctuation choices and markup sharply different from Reid’s other posts. The Daily Beast compared scores of disputed and undisputed posts and could not discern any such anomalies. Pressed for specifics—which posts, which artifacts—Nichols said Wednesday that he did not have ready access to that information, but would provide it. Reached again on Thursday, he said he did not have any details to offer. “I thought I did,” he said “We’re kind of reevaluating as of yesterday.”

The second giveaway, Nichols said, was in the date and time stamps of some of the posts. They indicated that the entries were posted in the middle of Reid’s live radio show. “No one writes long soliloquies while they’re on the radio,” he said . “It just doesn’t happen.” Reid’s lawyer made the same claim in a letter written last December that was made public this week. “It would have been physically impossible for Ms. Reid to have made many of the posts. Some have dates and times when Ms. Reid was doing her radio show and could not have been blogging.”

The Daily Beast asked Nichols to provide those posts on Wednesday, and the cybersecurity consultant replied: “I don’t have that on hand.” On Thursday Nichols passed on what he now says is the only example he has available. Dated Thursday, Aug. 30, 2007, the post—titled “Is you is, or is you ain’t gonna impeach?”—reads in its entirety: “John Conyers talks a good game in front of a hometown crowd, but is he serious about keeping impeachment on the table?”

The timestamp indicates the entry was posted at 7:14 a.m. Eastern Time. The Daily Beast confirmed that the radio show Reid co-hosted in 2006 and 2007, Wake Up South Florida, aired weekdays from 6 to 10 a.m. No archive of the show’s broadcasts from that era could be found online.

The contested post was followed by a longer blog post that went up at 8:10 a.m., also during the show’s normal airing time. That post—titled “The next war?”—contains 330 words of original writing discussing the prospect of war with Iran. Neither Reid, Nichols, nor Reid’s attorney have so far contested its authenticity.

The presence of the second post seems to admit only two possibilities: the blog was hacked by someone with a well-considered view on U.S. conflict with Iran, or Reid, whether on the air or not, was able to blog that morning.

Reid declined to comment for this story.

The only other specific evidence offered by Reid’s team came from her attorney, John Reichmann. In letters sent to Google and the Internet Archive last December, which MSNBC distributed to journalists this week, Reichmann claimed that the timestamps on “many of the posts” on Reid’s blog are too close together to be the work of a single blogger. The letters provide as the only example Reid’s 2006 live-blogging of Samuel Alito’s Supreme Court confirmation hearing, noting that Reid pushed short updates to the post at 10:18 a.m., 11:34 a.m., and 11:41 a.m.

“The Blog, however, also shows a lengthy, fraudulent entry, ‘Things people say when they’re on the Fox News Channel,’ supposedly posted right in the midst of this, at 11:28 a.m.,” wrote Reichmann. “Ms. Reid did not have the superhuman blogging skills needed to do all of these posts simultaneously.”

But the “lengthy, fraudulent entry” about Fox News Reichmann is referring to consisted of just two lines of original text, plus a copy-pasted quote. A check of CSPAN’s archive also shows that the post was made shortly after a 15-minute break in the hearing.

If there was a hack, it would have taken place years ago. The Internet Archive’s records show the disputed posts were mirrored by the Wayback Machine no later than 2009, and many of them were archived much earlier, some within hours of appearing on Reid’s blog. Reichmann explored the possibility last year that the posts were crafted more recently, and that someone inserted them into the Internet Archive with false dates. Reichmann contacted the nonprofit in December to “demand that you provide us with the information needed to determine how the fraudulent posts came to be included in the archived posts.”

But at least one of the entries was contemporaneously referenced on a completely different website. A Feb. 6, 2007 post containing the line “most straight guys (and women) do react with winces at the sight of two men kissing on the lips” drew a comment on the Democratic Underground forum the same day: “Oh, Reidblog... why, why why…”

Today Nichols says Reid and her team no longer believe the archive was hacked, and the Internet Archive has denied any such manipulation could have occurred. “We found nothing to indicate tampering or hacking of the Wayback Machine versions,” an archiver for the site said in a statement.

That means the supposed hacker was posting alongside Reid for years. According to Reichmann, that even included inserting updates in Reid’s live blog of the Alito hearing in January 2006. Reichmann claimed that the hacker was responsible for two consecutive updates sandwiched between Reid’s legitimate ones. The updates report that Republican Sen. Orrin Hatch was using his questioning time to metaphorically fellate the judge. “Oh, look, Orrin Hatch is putting on his Supreme Court knee pads to save Alito,” one line read. The post’s title, which Reichmann says the hacker changed, was “Brokeback Committee Room,” another reference to the film about gay lovers. All the contested material in the post is present in the earliest archived copy, which was captured the day after the hearing.

All of this alleged hacking apparently went unnoticed at the time by Reid.

That’s an extraordinary claim, and so far the bits and pieces of evidence offered for it have not stood up to scrutiny when they’ve been specific enough to test. If she wasn’t hacked, it doesn’t necessarily follow that Reid is lying. Her decision to hire a security consultant to investigate the posts, and a lawyer to demand the access logs for her blog account, suggests she genuinely believes at least some of the posts were planted. After 12 years and tens of thousands of written words, Reid simply may not remember.

It’s possible that in the end Reid will discover her adversary isn’t a determined hacker, but a far more dogged foe: The Joy-Ann Reid of years past, writing in a voice she can no longer recognize as her own.

—with additional reporting by Andrew Kirell and Maxwell Tani