07 June 2012

Poor security for a presidential hopeful

John Cook has a Gawker.com  article in Time about the latest Willard fuckup:
Yesterday, a tipster sent us a note indicating that he had successfully accessed Mitt Romney's Hotmail and DropBox accounts, after guessing the answer to a security question— Romney's favorite pet. The Romney campaign later confirmed that "the proper authorities are investigating the crime." Now that tipster has written a letter of apology to Romney. Yesterday's original tip about the hack contained frustratingly little evidence— make that none— that the tipster had actually conducted the caper. He or she simply provided us with an alleged new password for Romney's mittromney@hotmail.com account, as well as the associated DropBox account, and invited us to log in. Since unauthorized access of an email account is viewed in certain law enforcement circles as a federal crime, we demurred. A few screengrabs or copies of the emails would have been nice, though. We wrote back asking if the tipster had any proof of the hack claim, and concurrently sought comment from the Romney campaign. After we published a story on it last night, the tipster wrote us back and sounded regretful:
Hello. Shortly after I sent the tip I did access the account. It was mostly newsletter Spam and a few short correspondences. While going through these I started to feel very guilty about what I had done. I then sent an email to one person in the contact list explaining, apologizing for what had happened, and adding that I was going to try to close both accounts so that no one else could get in. I succeeded in doing this with the DropBox account but was unable to do so with the email due to it being a paid account. I instead changed the password and the answer to the security question and emailed the contact with both changes so that they might be able to shut down the account on their own.
I did not share the emails with anyone else and have deleted all the DropBox documents that I downloaded.
Lastly I would like it to be known that I regret ever doing this and would like to apologize to Mr Romney.
Those read like the words of someone who was just travelling down the internet one day, saw some newly released documents revealing Mitt Romney's private Hotmail account, had a clever idea, walked right into a potentially serious crime without really thinking about it, and was now trying very hard to walk back out. We asked for more specifics. (And to be perfectly clear: we asked for details and recollections about any information the tipster may have obtained or viewed in the past. At no point did we ask anybody to access Romney's account.) The tipster wrote back:
Without going into too much information about what I saw, the impression I got was one that the email address is now being used as a spare address to be put in for things that demands an address for registration. The contact was a family member and outside of the tip I did not share the password with anyone else.
And then, early this morning, we received this detailed apology addressed to Romney himself.
I don't know to what degree you are in communication with law enforcement and the Romney campaign about this but, if possible, I would appreciate it if you could forward the following message to the Romney campaign.
To Mitt Romney:
The time between when I first saw the email address in the Wall Street Journal and my first sending in the tip about my hacking was only a half hour at most. During this time I never stopped to consider what it was I was doing, it was only after I had got in to your account, after I sent my tip that I really started to consider what I had just done. While I was in I had thought about the tip I had sent in, about my use of the word 'hack,' my mind drifted to the British phone hacking scandal which I have been following closely. It was then I was hit with a terrible revelation, what I had done was no different then the actions of the tabloid journalists that had horrified me so.
So I tried to fix what I had done as best I could. There was no way for me to undo the fact I had illegally broken into your private accounts but I could stop the spread of the breech. I shutdown the Dropbox account and deleted all the files that I had downloaded and then, when I found myself unable to shutdown the email I changed the password and and security question so that no one else could get in the way I had. Finally, I have not and will not tell anyone what I have seen.
But none of this changes what I've done. I engaged in an egregious violation of another persons privacy, a violation made all the worse by way of your being a public figure who has so little privacy to begin with, a figure for whom what privacy can be found is doubtless a valuable gift. A gift I took away. For this I am sorry. When I hacked in it struck me as funny at first, but now I have never felt as bad about something I have done as I feel right now.
I don't know if you'll take anything from this message. I wouldn't blame you for one second if you don't. I just want you to know how I've been feeling about this.
Considering the fact that the Secret Service reached out to us yesterday after the hacking item ran, it's unclear whether the apology will achieve its desired effect. The whole thing is a shame, really, since we didn't even get to read any of the damn emails.

No comments:

 

Casino Deposit Bonus