Wednesday, August 03, 2016

Spoofing Hillary

I've read in a few places that the Russians may have had Hillary's email password. Doesn't that change the problem a bit? It's not that they could have been reading her emails, it's that they could have been writing and sending emails in her name. Imagine what  they could have told people to do with all the authority of the Secretary of State.

How often do you go through your "sent" folder? How often do you think Hillary did, particularly if she didn't suspect her password was compromised? Not only that, they could have deleted their sent emails as soon as they sent them, removing all but the server log traces of them.

In this day and age where so many things are done via email, how hard would it have been for them to come up with interesting ways to take advantage of their ability to electronically pose as her? Combine a spoof of SecState with a couple of enemy agents in the department and you can execute some really wild schemes against the US.


tom said...

I trust you're familiar with one of the new trends in phishing... attackers compromise the boss' account, learn his writing style, then direct underlings to wire money to strange accounts.

K T Cat said...

No, but I thought of that one while pondering what I would do were I a Russian with her credentials. How about this one: Ask an intel analyst to ship sensitive data to one of your agents over the classified channels? It all seems perfectly normal and legal, but you're funneling data right into their spies. The possibilities are enormous.

tim eisele said...

I think we need to train people with email similarly to the way that we train people with firearms and explosives:

Firearms - The gun is always loaded, treat it accordingly.
Explosives - The composition is always unstable, be prepared for an explosion at any time.
Email - The email is always insecure, anything you send by email is now public, and any email you receive that claims to contain critical information is fraudulent until proven otherwise.

tom said...

Tim, sort of like "never write what you can say, never say what you can imply, etc"?