BuzzFeed’s creative director has already admitted to masterminding trollthensa.com, a plot to flood the NSA’s servers with bogus "terrorist" emails. But before he’d said a word, and before a spokeswoman for BuzzFeed told the Daily Beast there was no conflict of interest, here's how GlobalPost traced the trolls back to Chris Baker.
1. OpTrollTheNSA's contact email is hosted on a gmail domain
Now that everyone knows about PRISM and Google's involvement with the program, it seems ill-advised to use a gmail account to troll the NSA. Anyone with a basic knowledge of information security knows using a gmail account in a super-secret op is decidedly not "1337."
2. Keep your name out 'dem meta tags
It was clear from a look at the HTML meta tags of the Facebook page attached to trollthensa.com that it belonged to funkmasterbaker, aka Chris Baker. This came from Baker's use of Insight, an analytic tool developed by Facebook that links to the user's account.
As Facebook explains: "To see Insights for your website, you must first claim your domain by associating it with a Facebook app that you manage, or with your Facebook user account."
To link the site with his Facebook account, Baker used meta tags with his Facebook username and https://www.facebook.com/funkmastabaker.
Funkmastabaker is not a 1337 "h4x0r" — hacker — since any hacker worth their salt knows ...
3. Facebook is the arch nemesis of anonymity
Facebook, too, is part of the NSA's PRISM program. But in addition to giving away personal information to the government for free, Facebook also sells it to third parties.
4. Using Google Analytics on top of Facebook Insight
Trollthensa.com also runs Google Analytics scripts to track traffic data. If Google is telling you how many people are visiting your website, the NSA probably knows who you are. Not 1337.