About 20 years ago, my life was in transition. I worked full time for a non-profit agency for a couple of years. The work was exhausting and involved a lot of travel. My boss was a highly motivated man who had little interest in life outside of work and expected the rest of us to be the same.
I was not. I finished college, wrote a book, ended a bad relationship, and felt really free for the first time in a long time. He wanted to work for the property rights of poor South Africans, but he also wanted to play the guitar.
Around this time, I started listening to a popular British band called Radiohead. I remember telling a date, a teacher, that I liked them. She said, “Oh yeah. My eighth graders are too.” That was our last date.
One of the band’s great songs, featuring a gripping solo by the incomparable guitarist Jonny Greenwood, contains the following lyrics:
You do it to yourself, you do it
And that’s what really hurts
Do you do it to yourself, only to yourself?
You and no one else
I’d like to dedicate that song to Hillary Clinton, her campaign chairman John Podesta, and the Democratic National Committee …
Hacked to pieces
Hillary Clinton’s email problems are legendary.
First there was the private server in the basement. Then the DNC emails were hacked, costing President Debbie Wasserman Schultz her job. And this month, the whistleblowing journalistic organization WikiLeaks, which, contrary to press reports, is not in favor of Trump, is only rabidly against Clinton, seized John Podesta’s personal emails.
Regardless of what you think of the content of these leaks (which, frankly, I find boring), the fact that these powerful people were hacked so easily is staggering. What were they thinking? Didn’t you realize that email is as safe as regular mail, if a determined hacker is after you?
Clearly not. Like Colin Powell, whose own private emails were hacked a while ago, Podesta was using a commercial email provider: Gmail.
For a famous person, using a free ad-based email service like Google or Yahoo is like a platoon of Marines driving through Mosul in a VW minibus. Someone is going to poke holes in you.
The Obama administration blames Russia for these attacks, which suits Hillary very well: It can deflect all questions by focusing on the alleged threat to our national security and electoral sovereignty. But if a Russian did the trick, it could have been a 10-year-old boy … because the technique used was the simplest and oldest trick in the book.
Go to Phish
Cybersecurity firm SecureWorks says the hacking method used to gain access to Podesta’s email account involved a link in an innocent-looking email that was rigged to appear as if it came from Google. The email asked Podesta to log into his Google account by clicking on a hyperlink, which he did.
When Podesta clicked on the link, he was taken to a fake Google landing page where he entered his username and password. With them, the hacker had access to your entire email history.
It’s called “phishing.” Instead of a sophisticated brute force attack to crack Podesta’s password, the hacker tricked him into giving up his login details voluntarily.
In other words, Podesta did it to himself. Just him and no one else.
Avoid email spoofing hook
How can you avoid the same fate? It is easier than you think:
- When you receive an email asking you to log into a website, be sure to check the link. All you have to do is hover your mouse cursor over the link. The actual Google address ends in.com. That’s the last chunk of text before the first backslash in the link that you see when you mouse over it. This one ended in “tk”, which refers to the island of Tokelau in the South Pacific: a clear indication, if you’re looking, sure.
- If you click on a link like Podesta’s, check the URL in the address bar of the web page you are accessing before doing anything else. If you end up in something other than the actual domain name of the correct publisher (ie Google.com), you are being the victim of phishing. Podesta’s phishing link ended in “tk”, the last part of the address before the first backslash. That would have been clearly visible in the address bar of your web browser, again, if you were paying attention.
- Don’t use free email for sensitive matters. Without Google, Outlook, Yahoo, AOL, or Mail.com. In addition to being ridiculously easy to hack, they all mine your personal emails for information about you that can be used to target ads to you.
Go the last mile
To be super secure, sign up for a secure email service like Protonmail or Tutanota. As well as being securely encrypted and unreadable to the companies that host them, they are both run by privacy freaks and based in Europe, out of reach of American spies.
So there you have it. When it comes to email hacking, there is absolutely no need to do it yourself.