[Exclusive to the Media Equalizer]

In an attempt to unmask anonymous tipsters, did an embattled CNN reporter use a phishing tactic to gather private information?

Andrew Kaczynski appears to be a serial doxxer.

The former Buzzfeed contributor and current host of CNN’s KFile has been implicated in another attempt to reveal the identity of online sources.

By seeming to plant foreign web bugs into personal emails, a common phishing tactic used to determine IP address, location, and other identifying information, new questions have been raised regarding ethical practices inside the troubled news network.

A recent email exchange with an anonymous conservative group has been obtained by Media Equalizer. In the discussion, Kaczynski feigns interest in a scoop that’s being offered.

At one point, he attempts to sneak a web bug into the conversation, with the apparent goal of luring the recipient into clicking the link. Doing so would give Kaczynski the IP address, location, and other metadata included in the email recipient’s account.

The online world was set ablaze this week by Trump’s tweet featuring an old WWE video, and the subsequent investigation into who created the memed video.

Kaczynski claims he discovered the identity of the online Reddit user who created the animated GIF by, as he says in his own report, “determin[ing] key biographical details, to find the man’s name using a Facebook search and ultimately corroborate details he had made available on Reddit.”

He does not state whether those details were made available voluntarily.

Kaczynski issued a now-infamous statement accepting the apology of the original creator of the video. After the anonymous man agreed to stop being “offensive” on Reddit, Kaczynski magnanimously offered not to reveal who he was — but that “CNN reserves the right to publish his identity should any of that change.”

Now, he’s done it again.

*** To support the Media Equality Project’s ongoing efforts, click here ***

The web bug that Kaczynski uses, MailTrack.io, is based in Spain and seems inoccuous enough. It is advertised as a way for email marketers and business professionals to track whether emails are being opened.

Much like the tools available in MailChimp or Constant Contact, it reports when an email was opened, who opened it, how many times it was opened, which links were clicked, and the like.

What it also does is provide the IP address, location, computer used, time when the link was clicked, operating system and browser, and cookie information.

All the email recipient has to do is click on the link, not suspecting that it redirects to another website that gathers all this information in a flash.

Phishers can use this information to narrow down possible identities, and can use social media searches to fill in the blanks.

As noted at Ricochet in the wake of the controversy about Trump’s tweet:

This isn’t Kaczynski’s first attempt at destroying a private citizen’s life. As a BuzzFeed reporter, he gained notoriety for publicizing a lame joke Tweeted by a 30-year-old PR director named Justine Sacco. As Sacco was boarding a plane from London to Cape Town, South Africa, she poked fun at many people’s poor understanding of the continent.

Kaczynski decided the joke was racist and helped gin up a digital lynch mob while she was in the air for 11 hours sans internet. By the time Sacco landed, she was mobbed by reporters, was fired from her job, and had to go into hiding. [Update: Another link demonstrating Kaczynski’s role is here.]


Is it possible that Kaczynski installed this Gmail extension with the best of intentions? Sure.

Is it also possible that CNN as an organization uses this tool for legitimate reasons? Absolutely.

The Media Equalizer has reached out to him and will update our story with any response.

Given Kaczynski’s past activities, however and the current controversy that is swirling around him, it would seem that he ought to clear the air on exactly how he uncovered the Reddit user behind the video.

In addition, he should disclose what he intended to do with the tip from the anonymous conservative group mentioned in this story, and how he’s using the information he uncovers.

Instead of merely reporting it, Kaczynski has seemingly become the story.


EDITOR’S UPDATE [Further updates to the story coming soon]: CNN was lightning-fast in demanding this story be retracted, setting off a Twitter war. From the network’s VP of communications and our own Melanie Morgan:


UPDATE 6:31pm: Kaczynski responded to our request for comment, saying, “Hey Jeff.  FYI, Mailtrack is just a Google extension that tells you if an email was read. It’s a read receipt. It doesn’t tell identifying information – so it couldn’t be used to dox someone.”

The anonymous contact made it explicitly clear that they wished to maintain their online anonymity in passing along the story. Regardless of whether MailTrack was intentionally used in the way described, Kaczynski still had ample opportunity to find the same information – by using CNN’s referrer logs on their own servers.

A second response from Kaczynski says, “What you wrote is not true and is enflaming people who are threatening me and my family.  Mailtrack.io does not tell ip address or location. You need to correct this as soon as possible.”

An online review of MailTrack comes to the following conclusion:

Bottom line

I love how this extension’s checkmark indicators make it convenient to tell, at a glance, an email’s tracking status without having to open the email or visiting your user page on the MailTrack site. The pop-up notification cards are also nice.

The real downside: It’s a little weird and intrusive that you cannot switch tracking off under a free account. Not only does this raise potential personal privacy concerns, it could also be a problem if you need to send email to someone who uses email through a network or service that blocks tracked emails or flags them as spam.

Personal note: within five minutes of sending the email to Kaczynski asking for comment, my anti-virus software reported a malicious attack of high severity on my computer that it blocked. I haven’t had that happen in months. I have no idea where this attack originated, but it sure was strange timing.