Iran-linked hackers breach FBI director's personal email

Posted by m-hodges 3 days ago

449 points | 530 commentspage 6

pugchat 2 days ago|

[dead]

4k0hz 2 days ago||

[dead]

throwawa1 2 days ago||

[flagged]

DSingularity 2 days ago||

[flagged]

0xbadcafebee 2 days ago||

Nothing anti-semitic about pointing out close ties between political allies. Like how Jared Kushner's family is so close with Netanyahu he slept in Jared's bed. If anything it's patriotic & pro-Israel.

paxys 2 days ago||

[flagged]

root_axis 2 days ago|

Doesn't gmail opt people into 2fa automatically?

joe_mamba 2 days ago||

[flagged]

vrganj 2 days ago||

Is that the latest spin to defend the pedophile class?

I see you updated your comment, but in a way that doesn't make any sense. Of course the pedophiles in the files will say it's a hoax.

bigyabai 2 days ago||

The DOJ acknowledges that over 100,000 files are still withheld.

fbilol 2 days ago||

[flagged]

creantum 2 days ago||

[flagged]

thejazzman 2 days ago|

Hacked

creantum 2 days ago||

Leaked

danso 2 days ago|||

yeah it’s totally plausible that Google would risk the reputation and legal status of its global multi-trillion empire to dunk on one of the handful of people who have the near-unilateral authority to dismantle them

mikeyouse 2 days ago||

Also - there's zero chance any employees at Google could decide to leak the contents of a specific inbox. That'd be an insane security hole which would've been exploited multiple times already.

creantum 2 days ago||

Sysadmins have full access.

john_strinlai 2 days ago|||

i am eagerly awaiting your evidence for this claim

dyauspitr 2 days ago||

[flagged]

akdev1l 2 days ago||

>just a slow decline into incompetence.

Give them some credit, it’s been quite rapid.

chrisweekly 2 days ago||

when were they anything other than incompetent?

knowaveragejoe 2 days ago|||

Remember when that was considered an actual issue in 2016? I remember congressional hearings over this.

e2le 2 days ago||

For those who decried Hillary's E-Mail server but fail to apply the same standards to the current administration, it was never a real issue to begin with. Just performative nonsense.

Tostino 2 days ago|||

This was an extremely limited leak. Just looked through the zip. I wouldn't doubt he does use his personal email for government purposes, but it's not in here.

add-sub-mul-div 2 days ago||

And it's not a coincidence that they're also the ones who shout about "meritocracy" the loudest.

PilotJeff 2 days ago||

BRING IT ON

upheaval7276 2 days ago|

I'm no fan of this administration, at all, but this seems like a big fat nothingburger. They hacked a personal gmail account, not a government account, not government infra. Why is this not a failing of Google instead of the government? And surely the hackers would have eagerly released anything damning, but nothing damning seems to exist. What am i missing here?

claaams 2 days ago||

Remember when this admin used a Signal group chat to coordinate an operation against Houthi forces in Yemen and left in some journalists. Do you think he cares care whether he sent an email with his gov email on a gov device or if he sent it with his personal email?

weaksauce 2 days ago|||

you don't think that it's relevant and concerning that the director of the FBI didn't take operational security seriously enough that his account got compromised? even if they didn't get anything incriminating (which maybe they did and are going to blackmail him later) that show a shocking lack of competency for someone in that kind of position.

upheaval7276 2 days ago|||

we don't even know how it was compromised. was his password "password", or did the hackers exploit a gmail/google vulnerability?

weaksauce 2 days ago|||

i think the facts of the matter are that a gmail vulnerability is on the very low likelihood kind of event. they wouldn't burn their insanely valuable vulnerability on showing how much of a fratboy kash is. the most likely possibility is that he either clicked on something dumb and gave access through phishing(really bad) or had a really weak password without 2fa(also really bad).

pkilgore 2 days ago||||

are you suggesting the former is not a demonstration of a shocking lack of competency?

upheaval7276 2 days ago||

I'm suggesting we don't know how the account was hacked, which is true. could be due to incompetence or not. i don't know, nor do you

jeroenvlek 2 days ago||

True, but don't you think the FBI director should be held to higher standards of security hygiene than average people? Because I'm interpreting your tone as "it could happen to anyone". At some point the doubt is gone and there's no more benefit to give...

alexandre_m 2 days ago||

Comments in this thread mostly reflect people’s own biases, that is a shallow projection based on the headline.

drfloyd51 2 days ago|||

Did the director have his email on a vulnerable server? Yes. Yes he did.

He should have known better.

jimbob45 2 days ago|||

Operational security doesn’t apply to personal accounts, no? Otherwise, they wouldn’t be personal.

margalabargala 2 days ago|||

It's not a big deal, for the reasons you mentioned. But it's interesting to a lot of people, and therefore newsworthy.

upheaval7276 2 days ago||

it's definitely newsworthy, no doubt there. but i see so many people in this thread pointing to this as somehow a failing of the fbi, which it's not. i'm all for calling out this administration for its many many failings, but this is not one of them, and calling this a failure of the administration just hurts the credibility of everyone pointing out real issues with this administration.

wmf 2 days ago|||

People are concerned because every government official uses their personal email for work.

drfloyd51 2 days ago|||

The director of the FBI should not be hacked in anyway ever for any reason.

If Gmail isn’t secure, he should be using something else.

nradov 2 days ago|||

How is this a failing of Google? They can't be blamed for users who fail to secure their own accounts.

reddozen 2 days ago|||

True yeah. but uh anyway what about HILLARYS EMAILS we need to hear about those for the next 4 decades (no convictions despite "Lock Her Up" slogans for 5 years)

m_ke 2 days ago||

just think of what could someone do if they got into your personal email account?

upheaval7276 2 days ago||

yes, and...?

ohyoutravel 2 days ago||

Major public figure who is currently in a position of power in the USA. That’s bad news because it reveals sensitive details which may lead to their further compromise. Imagine you’re compromised by a corrupt administration with pics of CSAM or something already, now imagine a foreign actor also having compromised you. It’s a sticky situation.

upheaval7276 2 days ago||

Yes, that's all true, all potential issues in theory. I'm still not seeing why this points to or supports the (valid) claim of incompetence in the FBI. That seems to be the angle most posters in this thread are taking, and it seems...misguided to me. Tilting at windmills. Let's call out the admin for their real failings, not nonsense like this. Getting your gmail account hacked does not reflect on you as a professional.

blooalien 2 days ago|||

> "Getting your gmail account hacked does not reflect on you as a professional."

Doesn't it though? Especially when your profession involves the security of a nation and you can't even secure your own personal email account successfully?

antonvs 2 days ago||||

> Getting your gmail account hacked does not reflect on you as a professional.

Why not? Most professionals at larger organizations have to do security training. These kinds of attacks are far less likely to succeed on anyone who follows the basic precautions taught in such training. E.g., if he had MFA enabled on his account - as he certainly should have had - they would not have been able to compromise it externally, i.e. it would have had to be much more than his email that was hacked.

I don’t get the propensity some people seem to have for defending this shameful collection of incompetent criminals, bullies, and clowns.

ohyoutravel 2 days ago||||

Leaking one’s credentials to sensitive personal repositories of information is a “real failing” lol, how could one think any differently? I would be mortified and immediately rectify the situation.

eclipticplane 2 days ago||||

Shouldn't the FBI be protecting its own members -- especially its executives -- personal digital footprint, given the risk?

ImPostingOnHN 2 days ago|||

> Getting your gmail account hacked does not reflect on you as a professional

If you work in security: it *absolutely does*, because 99+% of the time you are the primary contributing factor, whether from password reuse or downloading malware or clicking bad links or opening random emails or being susceptible to social engineering, etc.

If you are the head of a security organization: obviously you should not expect to retain that job, as your poor reputation is now an albatross around the company's neck.

If you are the head of the FBI: lol. lmao. what the actual fuck. my money is on someone spearfished him with an email subject about a book deal and he'll just click fucking anything.

More comments...