Think Information. Think Security.
Former U.S. president George W. Bush and some of his family members had their email accounts hacked by an anonymous hacker "Guccifer" according to the Smoking Gun. The crime and scandal site said Thursday that it exchanged emails with Guccifer, relating the hacker's claims "to have swiped 'a lot of stuff,' including 'interesting mails' about George H.W. Bush's recent hospitalization, 'Bush 43,' and other Bush family members."

Among the materials Guccifer published online were paintings by George W. Bush—self portraits of the former president in the bath, taking a shower, and visiting a church—as well as a "confidential October 2012 list of home addresses, cell phone numbers, and emails for dozens of Bush family members," correspondence between the Bushes and well-known figures like Fox news broadcaster Brit Hume, and even an email containing the security gate code for a Bush family residence.

Michael Sutton, head of research at cloud security firm Zscaler, believed that the perpetrator targeted the Bush family for sport rather than espionage. The fact that the attacker was all too willing to make the email contents public suggests that the attack was done for the challenge, as opposed to something more nefarious. The attacker did however clearly target the Bush family directly, having compromised accounts from multiple family members and friends.

Data protection expert Mark Bower of Voltage Security seconded that public email systems are accessible to the world and protected solely by a password. If that password is easily guessable, compromise is trivial.

Bower added that mobile devices like smartphones have added a new wrinkle to data security and are leaving people more vulnerable than they think.

"For convenience, many users let their smartphones remember their logins to email systems, Web mail, and so on without even a passcode protecting the device. Anyone who gets possession of the device could quickly access a potential goldmine of personal, private or financial data in the user's email account—or even data in their cloud services," he said.
The Voltage Security executive also warned that nothing short of encrypting all of one's files and digital correspondence is a truly secure solution."Don't think that encrypting your disk drive is the answer, nor is relying on SSL encryption to the mail server or cloud service. That only protects data to your browser and nothing else. The risk is to the data itself, so an encryption solution needs to protect that—the actual emails, attachments and the files in the cloud," Bower said.

As for Guccifer, by his own admission he may already be well-known to authorities. Reporting on their correspondence, the Smoking Gun said the hacker claimed he'd been under investigation by "the feds" for a "long time," but didn't fear them because "I have an old game with the f***ing bastards inside, this is just another chapter in the game."

Cross-posted from: PC Mag

Leave a Reply.