Word is out from multiple intelligence sources and security researchers that Hillary Clinton campaign chairman John Podesta’s Gmail account was hacked by (you guessed it!) Russian hackers under the direction of the Russian government (aka Vladimir Putin), for public distribution of Podesta’s email messages via Putin’s propaganda publishing arm: Julian Assange’s WikiLeaks. All of this in furtherance of Putin’s “Get Ignorant Puppet Trump Elected U.S. President!” project.
Apparently Podesta fell victim to a typical “spear phishing” attack, typing his Google Gmail credentials into a convincing (but fake) Google login page.
People fall for this kind of thing every day.
But don’t blame Google, because Google already provides the means to make such attacks enormously more difficult — 2-Step (“2-Factor”) Verification.
The problem is that despite Google’s constantly entreating users to avail themselves of this, most people don’t want to bother until after they’ve been hacked!
To be clear, I don’t know for an absolute fact that Podesta wasn’t using Google 2-Step Verification. But the sequence of events being reported would appear to make it extremely unlikely, because while 2-factor systems don’t make it absolutely impossible for such attacks to succeed, they do indeed make successful phishing attacks less likely by orders of magnitude.
And it’s not as if Google doesn’t provide plenty of choices when setting up this kind of protection.
It can be done by text messages, by automatic calls to voice phone numbers, and by authenticator apps that don’t need network access. It can even be done via high-security USB-based crypto keys and printed emergency backup codes!
It’s too late for Podesta. But it’s not too late for you to protect yourself from Putin, Assange, and the more prosaic crooks who wander the Net.
If you use Gmail or other Google services, go turn on 2-Step Verification. If you use some other email system that offers 2-factor protections, go and enable them — now!
I published a write-up earlier this year explaining how to do this with Google. It’s at: “Do I really need to bother with Google’s 2-Step Verification system?”
Now you know — the answer is YES. It’s not a bother, it’s Google helping you to protect yourself against evil.
And that’s the truth.
Be seeing you.
I have consulted to Google, but I am not currently doing so — my opinions expressed here are mine alone.