WASHINGTON (AP) – The Associated Press reported Thursday that someone with access to the work email account of Ohio Republican Senate candidate Bernie Moreno created a profile in late 2008 on an adult website, seeking casual sexual encounters with men.
The story relied on records from several publicly available sources of information, including a leaked 2016 database from the website Adult Friend Finder, current records the site makes available online about past and current profiles, property records and business filings, as well as archived versions of websites for Adult Friend Finder and for businesses Moreno once owned.
The AP could not definitively confirm whether Moreno himself created the profile.
Questions about the profile have circulated in GOP circles for the past month. On Thursday afternoon, two days after the AP first asked Moreno’s campaign about the account, the candidate’s lawyer said a former intern created the account as a hoax. The lawyer provided a statement from the intern, Dan Ricci, who said he created the account as “part of a juvenile prank.”
“I am deeply ashamed of the subversive ostracism I pulled on my friend, and former boss, Bernie Moreno, almost two decades ago,” Ricci said. The AP could not independently confirm Ricci’s statement, and Ricci did not immediately respond to a request for comment. Ricci donated $6,599 to Moreno’s campaign last year, according to campaign finance records.
Moreno’s lawyer, Charles Harder, insisted that Moreno had nothing to do with the AFF account.
This is how AP reported the story:
MAJOR DATA BREACH
In 2016, the website Adult Friend Finder was the subject of a massive and well-documented data breach that exposed the personal information of millions of users, including a large number of old accounts that appeared to have been previously closed or left dormant. The episode, which was widely reported at the time, was the second such breach of the website, following a smaller leak the previous year.
That data is still available online. The AP found the files, downloaded them from a publicly accessible location and matched the content with previous reporting on the extent and nature of the leaked data.
The data included a unique account number, as well as a work email address for Moreno – bernie@clevelandporsche.com – that was once listed for him on his dealership’s website. It also listed a username, “nardo19672.”
Jake Williams, a prominent cybersecurity researcher and former offensive hacker from the National Security Agency, independently confirmed that the email address was included in a copy of the leaked data.
The AP confirmed that the email address was publicly listed as Moreno’s by using a website called the Wayback Machine, which preserves data online so it can be retrieved later, even after a site has been edited or removed. Moreno’s company page listed the address as associated with him in 2010, and internet domain registration filings show that one of Moreno’s companies held the domain name clevelandporsche.com in 2008, when the account was created.
In order to complete the creation of an account on Adult Friend Finder and successfully log in at the time, a user would need access to the email address they used to set it up, according to an archived copy of the site from 2008. The reason, the company explained, is that the account password needed to log in would be sent to that address.
“Adult Friend Finder requires only a valid email address to become a member of this site, as you will not be able to retrieve your password without one,” the company said on its website in 2008.
Data obtained by the AP show that the account was authenticated by someone with access to Moreno’s work email address about two minutes after it was created.
‘LOOKING FOR YOUNG GUYS TO HAVE FUN WITH’
The AP used the unique account number obtained from the leaked data to obtain additional information for the online profile from a publicly accessible data portal, known as an API, on the Adult Friend Finder website. It revealed that the account was created in late 2008 and was used for about six hours.
Beyond the work email, geolocation data shows the account was set up for use in a part of Fort Lauderdale, Florida, where property records show Moreno’s parents owned a home at the time. The account’s username – nardo19672 – appears to be a reference to Moreno’s full first name, Bernardo, as well as the year and month of his birth in February 1967.
And the profile itself, still visible online, lists Moreno’s correct date of birth.
Metadata obtained from Adult Friend Finder shows that the creator of the profile was interested in meeting “Men for 1-on-1 sex,” said they “preferred not to say” their marital status, and declined to disclose their sexual orientation.
“Hi, looking for young guys to have fun with while traveling,” reads a caption on the photoless profile.
Cybersecurity experts say the account appears to have been closed, but the company has kept the data and it is publicly searchable. The username in the leaked data was preceded by the designation “rm_,” a flag programmers commonly use to indicate that an account has been removed or closed.
But as was often the case before new rules protecting personal information took effect, websites did not actually delete the data.
“It’s very common that they would keep those accounts,” said Williams, who said a similar phenomenon occurred when data was leaked from the website Ashley Madison, which catered to married people looking for affairs. “We had a lot of people who said: ‘How do they have this? I destroyed this years ago.’ The answer is: Your stuff isn’t really destroyed.”
___
Associated Press data reporter Larry Fenn contributed to this report.