Shane Harris writes: The private email address for Hillary Clinton, which became the talk of Washington this week and created her first major speed bump on her road to the White House, has actually been freely available on the Internet for a year, thanks to a colorful Romanian hacker known as Guccifer.
On March 14, 2013, Guccifer — his real name is Marcel-Lehel Lazar — broke into the AOL account of Sidney Blumenthal, a journalist, former White House aide to Bill Clinton, and personal confidante of Hillary Clinton. Lazar crowed about his exploits to journalists, disclosing a set of memos Blumenthal had written to Clinton in 2012, as well as the personal email address and domain she’s now known to have used exclusively for her personal and official correspondence.
Few journalists noticed that at the time, and it caused no ruckus in Washington. But the fact that Clinton’s private email was now public means she was not just putting her own information at risk, but potentially those in the circle of people who knew her private address.
Her email account was the ultimate hacker’s lure. It’s a common technique to impersonate a trusted source via email, in order to persuade a recipient to download spyware hidden inside seemingly innocuous attachments. Indeed, Clinton’s own staff had been targeted with such highly targeted “spear phishing” emails as early as 2009, the year she took office. And according to U.S. authorities, Lazar, who’s now serving a seven-year prison sentence in Romania and is accused of hacking the accounts of other Washington notables like Colin Powell, did commandeer other people’s email accounts. Then he used them to send messages exposing the private correspondence of his other victims.
When her address was exposed, Clinton was running her private email account on equipment in her home in New York, which security experts say is an inherently weak setup that made her more vulnerable to hacking. [Continue reading…]