Yesterday my boss - who isn't the most net-savvy guy in the world - got an email from PayPal claiming that there was a problem with his credit card, so he logged into his account and updated his information.
Today he discovered an unexplained withdrawal for $2,600 from his Checkcard account. This is just minutes after I'd taken a look at this suspicious email and discovered that it didn't come from PayPal at all and instead directed the user to a domain called dancesforlifes.com, which featured a facsimile of the PayPal login and HTML code that then sent his ID, password and credit card information to a Gmail address.
All of this I mention just to point out that email security is not a joke and that many people will go to great lengths to get at the sensitive information we'd prefer to protect. Oh, and it appears that some of the staff of the White House have switched from the secure wh.gov server to using not just the RNC, but personal email accounts!
Via Muckraker, U.S. News reports that “just a week after E-mails in the U.S. attorneys case became a main focus of congressional Democrats probing the firings, several aides said that they stopped using the White House system except for purely professional correspondence.”
"We just got a bit lazy," said one aide. "We knew E-mails could be subpoenaed. We saw that with the Clintons but I don't think anybody saw that we were doing anything wrong."
But rather than use RNC accounts, “they have subsequently bought their own private E-mail system through a cellular phone or Blackberry server. When asked how he communicated, one aide pulled out a new personal cellphone and said, ‘texting.’”
As was pointed out in the Recommended Diary by citizen92 earlier this week, allowing their communications to be stored on unsecured non-government servers is a major security threat simply waiting to be exploited. All someone needs to do is crack the password and they're in.
The White House is a huge target for electronic espionage by friendly and hostile foreign powers. For those of you who may have visited Washington, this may be evident when you stroll by the various embassies scattered around the city -- with their unusual sculptures of antennas and wires on their roofs. The Russians have a compound just three blocks north of the White House.
The US Government spends undisclosed amounts on countermeasures to protect its critical information and its secure networks. And it has the experts to make sure that those countermeasures are working.
But what if someone in the White House chooses to not use those countermeasures (simply to avoid leaving a subpoena-able trail of bread-crumbs) and as a result gets their password jacked?
I personally know how easy this is to accomplish. Not simply because of what happened to my boss yesterday, but because once upon a time one of my best friends was a hacker. Not just any hacker - The Hacker. Kevin Mitnick and I went to High School together (he later spent several years on the run from federal authorities; I, after realizing I didn't want to go Kevin's way, went on to work for the IT department at Northrop-Grumman). Way back in the late 70's I got to see firsthand how he used to create password phishing programs just like the one I described at the top of this post to access LAUSD, USC and UCLA logon accounts.
Ah, the classics never fade away it seems.
Besides the security issues, this also may blow WH claims of extended executive privilege completely out of the water. From Josh Marshall.