Football player hacked live during NFL draft

Experts had Laremy Tunsil flagged as one of the top prospects in Thursday night’s NFL draft. But shortly before the opening pick, something disturbing happened. An incriminating video tweeted from Tunsil’s own verified Twitter account showed the Ole Miss star smoking a “marijuana-like substance” from a gas mask.

It quickly became clear that Tunsil’s account was hacked by someone who not only had damaging information on the player, but a deep desire to sabotage his career.

This meticulously-timed hack caused Tunsil’s stock to plummet – though he was eventually nabbed by the free-wheeling Miami Dolphins with the 13th overall pick – and may have cost him more than $13 million.

The nightmare doesn’t end there. Moments after being picked, more information was leaked. This time, LT’s hacked Instagram account posted two screencaps of text conversations that show him asking an Ole Miss coach for money to help pay his rent and his mom’s electric bill, which would be a violation of NCAA rules.

Keep in mind, the Instagram leak was unfolding as Tunsil was being interviewed live by the media, catching him completely off guard:

Meanwhile, back at Ole Miss, the powers that be are all:

OK, so this is a bloody disaster. Clearly someone had access to Tunsil’s accounts long before the draft and had been planning on crushing his dreams.

But who dunnit? Was it a mad ex-girlfriend? A jealous friend who happened to know that his password to everything is, let’s guess, “f00tball”? The stepfather with whom he is engaged in a lengthy legal battle? A fellow Ole Miss student who watched him type his password in the computer lab? An actual hacker who phished his credentials and tried to extort him?

It’s not yet clear who hacked Tunsil, but what is crystal clear is that his agent doesn’t understand cybersecurity. Here’s his statement:

Wow. Where do we begin? We could make educated guesses about what “open source hacking” is (why does open source always get dragged through the dirt?!), but I’m more interested in pointing out the embarrassing attempt at deflecting Tunsil’s transgressions. The agent cites the “shortcomings” of the US government and some mythical Silicon Valley cybersecurity conglomerate as the real issue. As if we had big switch labeled “allow hacking” that we could flip on and off.

For the sake of everyone who is trying to help make the world’s information more secure, I truly hope this statement gets the ridicule it deserves as a lame PR jiu-jitsu tactic and isn’t a reflection of how the layperson thinks cybersecurity works.

UPDATE 4/29 3:03PM ET: Alas, the agent’s statement turned out to be false (or at least unconfirmed; the story is still developing). Bad on me for believing a statement this ignorant could be real, but sadly the mainstream commentary around infosec has made it hard to distinguish misguidance from parody.