The FF Outcasts - Where are they now?


Of course one of the targets that Chris had was one Jim O Callaghan , husband of Miriam.

Will Miriam invite him onto her show or will cousin Ryan have to do it when she fecks off for the winter. ??? :smiley:


those FF chappies knew they were after Chris Andrews, this elaborate sting is more sexed up than what it is.

BTW, just because he was sending anonymous tweets does not diminish the sentiment that FF are a cabal who enrich themselves at the expense of everyone else… Pretty much the denial is now limited to the hard core muppets.

The commentary on this one in the newspapers, the sympathies lie with the FFers themselves who were at the receiving end


Jim O Callaghan is Miriam O Callaghan’s brother, not her husband. She is married to Steve Carson.


I wonder who really did the tech work for them. Perhaps I’m stereotyping, but I find it hard to imagine a career FF apparatchik writing a URL shortener.

Amazing how so often in Ireland the meta-story is more interesting than the story itself.


I would say a private detective was used.


the level of detail in the dossier would suggest that someone intends to sure for defamation (and recover costs of the investigation) rather than merely stop Chris saying mean things


Well if we’re idly speculating, what sort of attention do you think these actions brought to Chris Andrews? … 1-Jun2011/ … is.andrews


I’d imagine Mossad have bigger fish to fry, if that’s what you’re getting at!


As I say, just idle speculation!!! It is a wierd story though!


Agreed. That takes a bit of skill and creativity, unless they are a professional hacker gun for hire type… Its all a little bit creepy. I really hope we eventually find out who did the undercover work. Dying to know more. The subplot is definitely the story of interest here as evilal says below.


This kind of stuff works both ways…

So, I have gone back through the archive for @john_cant_type on topsy and Google. He has many tweets containing shortened links (most using twitter’s own I have resolved most of them manully and they all are kosher, apart from this one:

Note the link in the original tweet to
This resolves to … 26349.html

Which then redirects to the article, … 26349.html

But what is

Accessing it takes you to the Irish Times, unless you start your URL with /news/ in which case it strips the /news/ and takes you to the corresponding URL on the indo website.

I can find few mentions of in google, except in the twitter account of another john: John O’Neill, john_on_dublin

He uses this account exclusively on April 11 to test links via the redirection service, almost as if he’s testing it. Unlike @john_cant_type, this one has not been deleted.

There are posts on from two different users (apparently a male and a female) linking to this pictures of alarm panels, hosted on

At one stage he was selling a 1990 Toyota Carina II (since replaced with a different pic). It is possible to find the car reg with a bit of google foo.

That user may not be the person concerned of course. They do appear to have technical knowledge based on other posts on is hosted on on their shared web hosting service, and was registered with Godaddy in 2004. It was updated (ie probably transferred) on 02-apr-2012.

According to the wayback machine, in May 2009 it was an actual storage company ( …

I have no idea whether is the honeypot or not, but it would be something like this anyway – an intermediate URL redirector that takes you to the article you want but logs your IP (and probably browser details) on the way.


Evilal, I am in awe! This is fascinating. Well done. Wow. Can’t wait to go over what you have discovered in detail right now!


For posterity, a screen grab of the test account, @john_on_dublin. I suspect it will get deleted shortly.


Thanks. None of that was particularly hard to find. Since the person doing this wasn’t doing anything illegal, they had no real motivation to hide their tracks. I think it’s a neat trick and they obviously have good tech skills. I have nothing against them. I presume they were hired to find the IP of a twitter user, and they delivered using a clever hack.

This really highlights the ease of discovering who someone is if you can get them to click on a link. Proxies etc only go so far, and attackers can use some fairly convoluted methods to get your IP details if they can get you to click on a link.

Read this story on Wired if you want a flavour of how the pros do it.


Any idea how the IP address was connected to the internet cafe?


Two options:

  1. The cafe had a block of IPs that was registered properly to it with RIPE; or

  2. The investigator knew what cafe it was likely to be, went in, paid for access, visited or to check the IP of the cafe, and checked that it matched the one @brianformerff was coming from


Hadn’t thought of the second one.

So are all 300 tweets cached anywhere? I’ve had a look and can’t find them.

If the wife of the guy who claims to have uncovered this was insulted it should be easy enough to narrow down the list.


Great read in wired. Remarkably hard to hide oneself these days. Staying away from computers would help I suppose. It’s amazing how many people were interested in tracking down the writer. Having said that - looking at the ebay profile for makemorespace, we can see that he is into horses, has kids, and attended a police concert in dublin :imp:

edit: … ackAsBuyer


No reason to think that eBay profile belongs to the same person…


Using the wayback machine: …
Click on “check out our current ebay listings”.
Same person.