Yesterday Marcel Lehel Lazar, who used the alias, Guccifer, was sentenced to 52 months in prison after previously having pleaded guilty in May to aggravated identity theft and unauthorized computer access in federal court in Virginia. As part of a plea agreement, seven other charges brought against him regarding his hacking activities were dismissed. It was Guccifer’s public leaking of emails from former Clinton adviser Sidney Blumenthal that first made public that Hillary Clinton was using a private email address of firstname.lastname@example.org for official business. According to prosecutors, Guccifer hacked into the email accounts of about a hundred prominent people and although the names of the victims were not made public in court documents, it has been widely reported and confirmed that among the people whose email accounts were hacked were Steve Martin, Colin Powell, George W. Bush, John Dean, Mariel Hemingway, Lorne Michaels, Carl Bernstein, Rupert Everett, Eric Idle, Whoopi Goldberg and Julian Fellowes the writer of “Downton Abbey.” Although Guccifer hacked into the email accounts of many entertainers and politicians, he did not exploit his hacking targets for financial gain even though the information he obtained would have allowed him to do so. Rather his goals, more often, appeared to be to embarrass his victims and shake the world up a bit. Through hacking of his victims’ email accounts he gained access to and made public the final episode of Downton Abbey, months before it was aired. He also made public embarrassing information he obtained through his hacking efforts of politicians and celebrities on both sides of the Atlantic including allegations that former Secretary of State Colin Powell had an affair with a European Parliament member, Corina Cretu.
One technique Guccifer used was to get an email address of someone, such as he did with media icon, Tina Brown, who has an extensive email address book and harvest more email addresses of the rich and famous. He then used simple techniques to answer his victim’s security question and change the password to the account whereupon he was able to take over the account and have access to all of the information stored there. Simple, publicly available information such as birth dates, schools attended and other such information provided the keys to answering the security questions of his victims. He also apparently used lists of the name of pets to answer security questions as well. And herein lies the lesson for us all. Even if you are not a celebrity, there is so much information about us all that is publicly available. Sometimes the information is even provided by us through our Facebook pages and other social media, making it is an easy task for a hacker to get at our email accounts as well as other password and security question protected accounts.
Protecting your email address is a difficult task. The key to protecting your account from being hacked is to have strong security questions because it is often too easy for a hacker to guess the answer to common security questions and gain access to the password for your email account. The key to an unbreakable security question is to have an answer that can never be guessed by a hacker. So if your security question is “What is my favorite vegetable?” you should make the answer “fire truck” or some other totally illogical response. Don’t worry about remembering it yourself because if the question and answer are as ridiculous as this, you will remember it.