Of course Mike Pence used an AOL email account for official government business. And of course it got hacked.
The Indy Star reported today the vice president’s account was used for some official-looking communications, from FBI notices about terror-related arrests from homeland security adviser John Hill to the resettlement of Syrian refugees. There were also an unspecified number of emails that weren’t released in response to the Indy Star’s FOIA request because the state considered them too sensitive to make public, itself a cause for concern for those worried about just how Pence was using the AOL service.
Fortunately for U.S. national security, the hackers appeared to be run-of-the-mill scammers rather than state-sponsored spies. As reported in summer last year, a hacker sent messages from Pence’s account, claiming he needed money as he was stranded in the Philippines with his wife without access to funds.
But AOL accounts shouldn’t be considered especially secure anyway, even when compared to private email servers like those used by Hillary Clinton. Just ask CIA director Mike Brennan, whose AOL was hacked in 2015 by some teenagers. Or ask AOL, which in 2014 announced a significant breach, advising users to change their passwords.
Considering Brennan, don’t know why state actors are so focused on Yahoo when apparently AOL’s primary userbase is government officials.
— Collin Anderson (@CDA) March 3, 2017
What adds to the irony for Pence is that he spent much of the lead up to Trump’s election slamming Clinton’s use of a personal email server for official business. Pence’s office said his use of AOL was not comparable to Clinton’s email, adding that the VP had “fully complied with Indiana law regarding email use and retention.” All emails from his state and personal accounts are now being archived by the state to ensure consistency with the law. That means it should be possible for government or citizens to request records from the account, where national security doesn’t trump freedom of information.
But of the 29 pages of records released, the Indy Star only received emails that were kept on the state server, not direct from AOL. That might mean there are government-related communications that weren’t moved over to state computers.
Got a tip? Email at TFox-Brewster@forbes.com or email@example.com for PGP mail. Get me on Signal on +447837496820 or firstname.lastname@example.org on Jabber for encrypted chat.
Source: SANS ISC SecNewsFeed @ March 3, 2017 at 02:30AM