H is for Hack. Clinton Campaign Breach Caused by Gmail Phishing Expedition

Social engineering responsible for Clinton breach

Emails surfaced recently revealing that the Hillary Clinton campaign conducts surveillance on reporters in a fairly spooky fashion. While there’s been little coverage of the embarrassing story in the US news media, and it is likely that Donald Trump would do the same thing if he had an actual staff and was conducting an actual campaign, there is a valuable lesson to be learned in the mechanics of the hack.

The vast majority of data breaches occur due to human error. Many organizations have protocols and procedures, as well as both physical and logical security equipment that keeps their IT secure. Faulty firewalls don’t ordinarily lead to breaches. The problems occur when someone doesn’t follow security procedures.

Frequently, the breach occurs when someone clicks on a hacker’s phishing link. In this instance, that’s what Clinton volunteer Sarah Hamilton appears to have done. Hamilton was fooled by a spoofed Gmail login page, which led to the hackers rummaging through her campaign emails and sharing them online.

Hamilton was not an elderly volunteer working a phone bank. Most recently she was spokesperson for Chicago Mayor Rahm Emanuel, a job that one doesn’t obtain without some intelligence and sophistication. She’s certainly technologically savvy. Yet she exposed her organization to significant embarrassment.

The Clinton campaign hack offers further proof that even sharp young professionals can make missteps that lead to significantly damaging events. To avoid hacks and breaches, more than simple initial training is required. A drumbeat of reminders on the importance of security protocols is a must if your IT infrastructure and systems are to remain free of unwelcome visitors.