How vulnerable is your email? The lesson of Guccifer – USA TODAY
Following closely on the heels of the Inspector General’s report condemning Hillary Clinton’s use of her personal email account for government business while serving as Secretary of State, Marcel Lehel Lazar, who used the alias Guccifer, recently pleaded guilty to aggravated identity theft and unauthorized computer access in the Federal District Court for Eastern Virginia.
As part of a plea agreement, seven other charges brought against him regarding his hacking activities were dismissed. He will be sentenced on September first.
It was Guccifer’s public leaking of emails from former Clinton adviser Sidney Blumenthal, whose email account he hacked in 2013, that first made public that Hillary Clinton was using a private email address of email@example.com for official business. Although Guccifer claims to have also hacked into the private email account of Hillary Clinton, the fact that he never put anything online that could be found on her email account, as he did with all of his other victims, makes his claim appear doubtful.
According to prosecutors, Guccifer hacked into the email accounts of about a hundred prominent people between October 2012 and January 2014. Although the names of the victims were not made public in court documents, it has been widely reported and confirmed that among the people whose email accounts were hacked are: Steve Martin, Colin Powell, John Dean, Mariel Hemingway, Lorne Michaels, Carl Bernstein, Rupert Everett, Eric Idle, Whoopi Goldberg and the writer of Downton Abbey, Julian Fellowes.
Through his hacking of Dorothy Bush Koch, the daughter of former President George H. W. Bush and sister of former President George W. Bush, Guccifer was able to steal copies of painted self-portraits of former President George W. Bush, which Guccifer posted on the Internet.
Although Guccifer hacked into the email accounts of many entertainers and politicians, he did not exploit his hacking targets for financial gain even though he could have easily done that. Rather, his goals more often appeared to be to embarrass his victims and shake the world up a bit.
After hacking Fellowes’ email he leaked the final episode of Downton Abbey, months before it was aired. His hacking of politicians and celebrities on both sides of the Atlantic made public various, potentially embarrassing details such as emails possibly indicating an inappropriate relationship between Colin Powell and a European Parliament member, Corina Cretu.
Although Guccifer managed to hack into the accounts of so many prominent people around the world, his computer skills were quite limited and he never used sophisticated malware to accomplish his intrusions into the private emails of his victims. Rather, and perhaps more frightening, he was able to breach the security of so many people merely by exploiting the inherent vulnerabilities of passwords and security questions as the primary security elements for email.
One tactic Guccifer used was to get into the email account of someone with an extensive email address book, as he did with media icon Tina Brown, and harvest more email addresses of the rich and famous. He then would first attempt to guess the passwords of his intended targets. According to Guccifer, he guessed Colin Powell’s password by using the name of Powell’s grandmother.
Other times he answered his victim’s security question and changed the password to the account, enabling him to take over the account and have access to all of the information stored there. In the case of Corina Cretu, Guccifer said he found the answer to her security question as to the name of the street where she grew up by finding on her Facebook page the name of the primary school she attended and then trying all of the street names close to that school until he came up with the correct street name.
Simple, publicly available information such as birth dates, or in the case of Corina Cretu, the school she attended, provided the keys to answering the security questions of his victims. He also used lists of pet names to answer security questions. And herein lies the lesson for us all. Even if you are not a celebrity, there is so much information about us all that is publicly available. Sometimes the information is even provided by us through our Facebook pages and other social media, making it an easy task for a hacker to get at our email accounts as well as other password and security question protected accounts.
Protecting the security of your email address is important. The key to protecting your account from being hacked is to have strong passwords and strong security questions because it is just too easy for a hacker to guess the answer to common security questions. The key to an unbreakable security question is to have an answer that can never be guessed by a hacker.
So if your security question is “What is my favorite vegetable?” you should make the answer “fire truck” or some other totally illogical response. Don’t worry about remembering it yourself because if the question and answer are as ridiculous as this, you will remember it.
Steve Weisman is a lawyer, a professor at Bentley University and one of the country’s leading experts in scams and identity theft. He writes the blog scamicide.com, where he provides daily updated information about the latest scams. His new book is Identity Theft Alert.