Unprotected Secrets

02.08.13

Bush Family Hack Was Bush League, Say Cyber-Security Experts

Guccifer, the hacker who leaked such family secrets as George W.’s artistic side and early funeral plans for George H.W., likely got lucky with lax Bush cyber security, sources tell Eli Lake.

Thanks to a hacker who goes by the name of Guccifer, the Internet now knows quite a bit about the Bush family. Newly revealed about the Bushes: George W. Bush is something of an amateur painter. The Bush family prepared for George H.W. Bush’s funeral in December, when the former president was hospitalized for a respiratory ailment. And Neil Bush believes his dad, George H.W., helped salvage the reputation of Bill Clinton after his presidency.

One might think the hacker who pilfered these personal details was a wizard using the latest malware to penetrate the email accounts of two ex-presidents and their closest friends and relatives. But experts tell The Daily Beast that Guccifer likely got lucky. Like the rest of us, the Bushes probably did not practice the best cyber security.

A recently retired senior federal law-enforcement official who specialized in cyber crime, said the Bush family hack looks similar to the 2010 and 2011 hack of the email accounts of Mila Kunis, Christina Aguilera, and Scarlett Johansson. In that case, the hacker gained access to the accounts by figuring out the answers to questions after clicking the “forgot password” function. He was able to lurk on the accounts for months, according to the indictment, but he was eventually caught last year and sentenced to 10 years in prison.

“There were no computer skills needed in that case,” the former law-enforcement official said. “The lesson learned from that case is to make sure that the answers to your challenge questions are at least as difficult for someone to guess as your original password.”

“Encrypted email is something that has been around for 20 years. The Bush family should be using it.”

Michelle Dennedy, chief privacy officer for the cyber-security firm McAfee, said the Bush family should have considered using encrypted emails and sending encrypted photos. “This family needs a defense and depth strategy,” Dennedy said. “Maybe this is a time to do an encrypted photo and do some protection. Encrypted email is something that has been around for 20 years. The Bush family should be using it.”

For now, the federal authorities are involved. “We are investigating this incident,” George Ogilvie, a spokesman for the Secret Service, told The Daily Beast.

One immediate concern for the Secret Service, the branch of the federal government responsible for protecting ex-presidents, is to assess what personal information was compromised, such as the addresses of private homes, private phone numbers, and similar private data. One email between CBS sportscaster Jim Nantz and the scheduler for George W. Bush included the four-digit code needed to open the security gate at the former president’s residence.