Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

The White House's impending email disaster

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Archives » General Discussion: Presidential (Through Nov 2009) Donate to DU
 
Vyan Donating Member (990 posts) Send PM | Profile | Ignore Thu Mar-29-07 09:55 AM
Original message
The White House's impending email disaster
Yesterday my boss - who isn't the most net savvy guy in the world - got an email from Paypal claiming that there was a problem with his credit card, so he logged into his account and updated his information.

Today he discovered an unexplained withdrawal for $2,600 from his Checkcard account. This is just minutes after I'd taken a look at this suspicious email and discovered that it didn't come from Paypal at all and instead directed the user to a domain called dancesforlifes.com which featured a facimile of the paypal login and html code that then sent his Id, Password and credit card information to a Gmail address.

Oh shit!.

All of this I mention just to point out that email security is not a joke and that many people will go to great lengths to get at the sensitive information we'd prefer to protect. Oh, and it appears that some of the staff of the White House have switched from the secure wh.gov server to using not just the RNC, but personal email accounts!.

Oy Vey.

From Thinkprogress.

Via Muckraker, U.S. News reports that “just a week after E-mails in the U.S. attorneys case became a main focus of congressional Democrats probing the firings, several aides said that they stopped using the White House system except for purely professional correspondence.”

"We just got a bit lazy," said one aide. "We knew E-mails could be subpoenaed. We saw that with the Clintons but I don't think anybody saw that we were doing anything wrong."

But rather than use RNC accounts, “they have subsequently bought their own private E-mail system through a cellular phone or Blackberry server. When asked how he communicated, one aide pulled out a new personal cellphone and said, ‘texting.’”


As was pointed out in the Recommended Diary by citizen92 earlier this week, allowing their communications to be stored on unsecured non-government servers is a major security threat simply waiting to be exploited. All someone needs to do is crack the password and they're in.

The White House is a huge target for electronic espionage by friendly and hostile foreign powers. For those of you who may have visited Washington, this may be evident when you stroll by the various embassies scattered around the city -- with their unusual sculptures of antennas and wires on their roofs. The Russians have a compound just three blocks north of the White House.

The US Government spends undisclosed amounts on countermeasures to protect its critical information and its secure networks. And it has the experts to make sure that those countermeasures are working.


But what if someone in the White House chooses to not use those counter-measures (simply to avoid leaving a subpoena-able trail of bread-crumbs) and as a results gets their password jacked?

I personally know how easy this is to accomplish. Not simply because of what happened to my boss yesterday, but because once upon a time one of best friends was a hacker. Not just any hacker - The Hacker. Kevin Mitnick and I went to High School together (he later spent several years on the run from federal authorities, I - after realizing I didn't want to go Kevin's way, went on to work for the IT department at Northrop-Grumman). Way back in the late 70's I got to see first hand how he used to create password phishing programs just like the one I described at the top of this post to access LAUSD, USC and UCLA logon accounts.

Ah, the classics never fade away it seems.

Besides the security issues, this also may blow WH claims of extended executive priviledge completely out of the water. From Josh Marshall.

his may have been too clever by half. If the president’s aides were using RNC emails or emails from other Republican political committees, they can’t have even the vaguest claim to shielding those communications behind executive privilege.”


And they certainly can't use that claim to protect emails on their personal blackberry and cell phone now can they?

Oh, and by the way - other federal agencies have banned this practice for security reasons.

A reader who has a security role at a federal agency writes, "On the issue of using outside/unofficial e-mail address from official sites, the CIO at has expressly forbade the practice for security reasons as it is all too easy to put sensitive information in an e-mail. ... Needless to say, hearing that the WH does not mandate that practice and lets do 95% of his e-mailing from a blackberry, presumably with access to an unofficial address, is quite shocking. Still find it absolutely amazing that his clearance has not been revoked."


"Amazing" simply isn't the world for it.

Getting zapped for a couple grand is pretty bad, but just imagine how much of the nation's assets are being put a risk by these WH jackasses?

I think Fraking Criminally Negligent is a good set of words for it - how 'bout that?

Vyan

(Crossposted on My Blog, stop by and say "Hi" some time!)
Printer Friendly | Permalink |  | Top
MUAD_DIB Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 09:58 AM
Response to Original message
1. Thanks for the info. Now could I have your Mother's maiden name.
Printer Friendly | Permalink |  | Top
 
AwakeAtLast Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 09:59 AM
Response to Original message
2. Very insightful.
Everyday Americans who don't get it yet are about to, I think.

I foresee many more hearings around this.

Thanks for posting! :hi:

K & R!
Printer Friendly | Permalink |  | Top
 
AndyA Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 10:00 AM
Response to Original message
3. Going outside of the secure White House server is compromising our
nation's security.

What kind of secrets could the terrorists have intercepted and used against us?
Printer Friendly | Permalink |  | Top
 
librechik Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 10:02 AM
Response to Original message
4. and Yahoo, Google and the NSA have copies.. Good thing Rove has nothing to hide!
Edited on Thu Mar-29-07 10:05 AM by librechik
and NSA spying on millions is AOK!
Printer Friendly | Permalink |  | Top
 
jwirr Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 10:03 AM
Response to Original message
5. PayPal and Ebay warn users to not open emails sent to them
because it is people phishing for you data. They tell you to handle all correspondence from inside the actual program.
Printer Friendly | Permalink |  | Top
 
gratuitous Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 10:06 AM
Response to Original message
6. And another security threat they may not have counted on . . .
Since the law demands that official government business be conducted on secure government servers and domains, it stands to reason that the communication traffic going back and forth on private servers is . . . not official government business.

And what does that mean? Well, if it's not official government business, there's no colorable claim to be made for executive privilege. These folks might have been just a smidgen too cute for their own good.
Printer Friendly | Permalink |  | Top
 
Webster Green Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 10:20 AM
Response to Original message
7. I get that "PayPal" spam all the time...
It's very slick. They even have all the security warnings from the actual PayPal pages, but then there is a link button that takes you to the scam site. The tip-off for me is the e-mail comes to one of my e-mail accounts that isn't even registered at paypal.
Printer Friendly | Permalink |  | Top
 
Tandalayo_Scheisskopf Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 10:31 AM
Response to Original message
8. If anyone thinks...
That coincidence and happenstance are at the root of the White House's lax email policies...well, I have a bridge to sell them.
Printer Friendly | Permalink |  | Top
 
kath Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 10:45 AM
Response to Original message
9. He hadn't heard about "phishing"? Yikes - I'm not the most net-savvy person either, but
I've known about this for at least 1 1/2 - 2 years.
Printer Friendly | Permalink |  | Top
 
ShortnFiery Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 11:07 AM
Response to Original message
10. Yes! Finestein is nailing Sampson right now based on emails he had sent. n/t
Printer Friendly | Permalink |  | Top
 
arendt Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 02:39 PM
Response to Original message
11. Thanks for yet another example of "obeying the law is optional if you are GOP"
I grow weary of smart people like you, all over the internet, laying out case after
case that a freshly-minted DA could slam-dunk, but the legal system and the
news media couldn't care less, because its just the GOP.

I am beginning to think the Mafia is right. Brutality trumps brains any time.

America is the most corrupt place I have had the misfortune to live.

arendt
Printer Friendly | Permalink |  | Top
 
Vincardog Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 02:57 PM
Response to Original message
12. I got that email too. I forwarded it to PayPal security.
Printer Friendly | Permalink |  | Top
 
Morgana LaFey Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-29-07 04:34 PM
Response to Original message
13. Man, I've gotten those PayPal emails and they look stunningly
STUNNINGLY valid. It's a damn good thing I've so far remembered that this isn't the way PayPal works....

Tough luck.

But good post. :D
Printer Friendly | Permalink |  | Top
 
bananarepublican Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Mar-30-07 09:33 AM
Response to Original message
14. I'm sure the NSA has captured all of this data!
Wouldn't it be great if Bush's illegal domestic spying program ended up biting his administration in the BIG-TIME-butt!!!
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Thu Dec 26th 2024, 11:16 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Archives » General Discussion: Presidential (Through Nov 2009) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC