Email Security: Be Smarter Than A Politician
About 20 years ago, my life was in transition. I worked full time for a non-profit agency for a couple of years. The work was exhausting and involved a lot of travel. My boss was a highly motivated man who had little interest in life outside of work and expected the rest of us to be the same.
I wasn’t. I finished college, wrote a book, ended a bad relationship, and felt genuinely free for the first time in a long time. He wanted to work for the property rights of poor South Africans, but he also wanted to play the guitar.
Around that time, I started listening to a popular British band called Radiohead. I remember telling a date, a teacher, that I liked them. She said, “Oh yeah. My eighth graders too.” That was our last date.
One of the band’s great songs, which includes a searing solo by the incomparable guitarist Jonny Greenwood, contains the following lyrics:
You do it to yourself, you do it
And that’s what really hurts
Do you do it to yourself, only to you?
you and no one else
I’d like to dedicate that song to Hillary Clinton, her campaign chairman, John Podesta, and the Democratic National Committee…
Hacked to pieces
Hillary Clinton’s email problems are legendary.
First there was the private server at the base. Then DNC emails were hacked, costing chair Debbie Wasserman Schultz her job. And this month, the whistleblowing organization WikiLeaks, which, contrary to press reports, is not pro-Trump but rabidly anti-Clinton, seized John Podesta’s personal emails.
Regardless of what you think about the content of these leaks (which, frankly, I find boring), the fact that these powerful people have been hacked so easily is astounding. What were they thinking? Didn’t they realize that email is just as secure as regular mail, if a determined hacker is after you?
Clearly not. Like Colin Powell, whose own private emails were hacked a while back, Podesta was using a business email provider: Gmail.
For a famous person, using a free advertising-based email service like Google or Yahoo is like a platoon of Marines driving through Mosul in a VW minibus. Someone is going to put holes in you.
The Obama administration blames Russia for these hacks, which suits Hillary very well: she can deflect all the trouble by focusing on the perceived threat to our national security and electoral sovereignty. But if a Russian did the trick, he could have been a 10-year-old… because the technique used was the simplest and oldest trick in the book.
Cybersecurity firm SecureWorks says the hacking method used to gain access to Podesta’s email account involved a link in an innocent-looking email doctored to appear to come from Google. The email asked Podesta to sign in to his Google account by clicking a hyperlink, which he did.
When Podesta clicked on the link, he was taken to a fake Google landing page where he entered his username and password. With that, the hacker had access to his entire email history.
It’s called phishing. Instead of a sophisticated brute force attack to crack Podesta’s password, the hacker tricked him into voluntarily handing over his login details.
In other words, Podesta did it to himself. Just him and no one else.
Avoid the email phishing hook
How can you avoid the same fate? It is easier than you think:
When you receive an email that asks you to log in to a website, be sure to check the link. All you have to do is hover your mouse cursor over the link. Google’s real address ends in .com. That’s the last piece of text before the first single forward slash (the one after the “//”) in the link you see when you hover over it. This one ended in “tk,” which refers to the island of Tokelau in the South Pacific: a dead giveaway, if you’re looking, that is.
If you click on a link like Podesta’s, check the URL in the address bar of the web page you land on before doing anything else. If the host name in it ends in something other than the actual domain name of the correct publisher (i.e., google.com), you are being phished. Podesta’s phishing link ended with “tk,” the last part of the address before the first single forward slash. That would have been clearly visible in his web browser’s address bar, again, if he had been paying attention.
Don’t use free email for anything sensitive. No Google, Outlook, Yahoo, AOL, or Mail.com. As well as being ridiculously easy to hack, they all mine your personal emails for information about you that can be used to target advertisements to you.
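The link check from the first two tips, automated as an added example (not part of the original article). It goes one step further than eyeballing the ending: it compares the whole host name against the expected domain, so lookalikes that merely contain "google.com" are caught too. The trusted domain, the function names and every host name in the sample email are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "google.com"  # assumption: the site the email claims to come from


def host_of(url):
    """Return the lowercase host name a browser would connect to, or None."""
    # urlsplit drops any "user@" prefix and the port; the host is whatever
    # sits between "//" and the next "/", "?" or "#".
    return (urlsplit(url).hostname or "").rstrip(".").lower() or None


def belongs_to(host, domain=TRUSTED):
    """True only if host is the domain itself or a subdomain of it."""
    return host is not None and (host == domain or host.endswith("." + domain))


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)


def suspicious_links(html, domain=TRUSTED):
    """Return (href, host) pairs whose real host is not under `domain`."""
    parser = LinkCollector()
    parser.feed(html)
    return [(h, host_of(h)) for h in parser.links if not belongs_to(host_of(h), domain)]


# Constructed sample email body; every host name below is made up.
SAMPLE = """
<p>Someone has your password. <a href="https://accounts.google.com/signin">Review</a></p>
<a href="http://accounts.google.com.signin-sample.tk/reset?id=1">CHANGE PASSWORD</a>
<a href="https://google.com@login.example/google.com/">Sign in</a>
<a href="https://notgoogle.com/accounts">Help</a>
"""

if __name__ == "__main__":
    for href, host in suspicious_links(SAMPLE):
        print(f"do not log in: {host!r} is not {TRUSTED} ({href})")
```

Only the first link in the sample passes; the other three put "google.com" somewhere in the address, but not at the end of the host name.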
Go the extra mile
To be super safe, sign up for a secure email service like Protonmail or Tutanota. As well as being securely encrypted and unreadable by the companies that host them, both are run by privacy fanatics and based in Europe, out of reach of American spies.
There you have it. When it comes to email hacking, there is absolutely no need to do it to yourself.