From the New York Times:
Hackers exploiting data stolen from the United States government conducted extensive cyberattacks on Friday that hit dozens of countries, severely disrupting Britain’s public health system and wreaking havoc on tens of thousands of computers elsewhere, including Russia’s ministry for internal security.
There are really only two things that need to be said about this, both said well by others:
The point is there’s no such thing as a security backdoor that “only I can use.” If you want systems to truly be secure, they must truly be secure.
The news today thinks it knows how John Podesta, Hillary Clinton’s campaign chairperson, got badly hacked.
John gets an email. It's allegedly from firstname.lastname@example.org. It tells him that "someone" from the Ukraine tried to log in to his Gmail account, and he should change his password.
John’s IT person inexplicably says the email is legit and that he should change his password immediately. John apparently clicks the provided link and gives his Gmail password away.
Red flags that the email is not legit:
Do not click links in emails. Especially do not click links in odd emails or links behind link-shortening services.
I don’t really blame Mr. Podesta. We expect too much of users regarding computer security. But still. This is avoidable.