by Stephen Bryen and Rebecca Abrahams
First appeared in the Huffington Post at http://www.huffingtonpost.com/rebecca-abrahams/have-you-been-gucciferd-b_b_4562654.html
The list of victims is huge. Colin Powell, Air Force Secretary James Roche, Robert Redford, Leonardo DiCaprio, Jim Nance, Tina Brown, Whoopi Goldberg, Steve Martin, Sidney Bloomenthal, Warren Beatty and plenty of others. Guccifer steals credit card information, emails, documents, passwords and cell phone numbers. Guccifer got hold of sensitive emails sent to then Secretary of State Hillary Clinton by former Bill Clinton aide Sidney Blumenthal on the attacks on the U.S. mission in Benghazi.
Those emails, while not revealing who was the “most sensitive” source described in the emails, discussed cooperation between the Libyan government and the Muslim Brotherhood and other Islamist elements and included unverified intelligence that the funding for the attack on Benghazi allegedly came from Saudi financiers, possibly linked to al-Qaeda. It is not clear how or from whom Blumenthal got the information raised in his emails to Secretary Clinton, or why he was using a public email account to communicate with the Secretary of State. Certainly he should have known the risk.
In another scoop by Guccifer, emails shared by Colin Powell and a much younger, attractive Romanian diplomatic official, went viral. The Guccifer leak of of the Powell/Corina Cretu’s (the lady’s name) emails not only appeared to be personally damaging to Powell, married for some 50 years, but it also left on the table the question of a top public official having a personal involvement with someone answerable to a foreign government. Powell insists there was no affair with Ms. Cretu.
So who is Guccifer and what is the game? Right now no one knows who Guccifer is, or if there is one Guccifer or more. But his game seems to be to cause maximum embarrassment to as many people as possible, especially folks who are household names thanks to their celebrity status.
Doesn’t that mean that everyone else who is not a celebrity is off Guccifer’s hacking hook?
To begin with, while you may think that on the long list of Guccifer victims there is no one you know, chances are that you are still linked as a second or third party. If you use LinkedIn, take a look at how many folks are directly linked to your network, and how many more are connected as a result. The connections multiply much faster than rabbits. This matters because Guccifer collects information from a celebrity’s circle of friends and friends of friends, so your personal information has a strong chance to be in Guccifer’s hands.
The bottom line is that, other than leaking the juicy stuff he collects to the press, which is an avid consumer of dirt, we don’t know what Guccifer does with the restof what he collects through hacking.
He pleads poverty when talking to journalists — saying he cannot even afford a Smartphone. But that seems like just a cover story for what could be a big business –selling information about credit cards including passwords, tipping off competitors to business deals or stock transactions, learning about government secrets and trading them to the highest bidder, or giving your personal information to someone who can blackmail you.
The fact of the matter is that Guccifer is good at hacking, and it is hard to believe he is just sitting on mountains of potentially profitable hacked data. After all, Guccifer is not NSA and Guccifer’s mission certainly does not include protecting any of us. We won’t rule out that Guccifer is in it for the thrill and not for profit. But does that seem likely?
The message for everyone is that even if you do not think you are a target of a hacker, don’t be too sure. Whether it is your credit card, your family, your business, or your opinions, all of them and more are certainly at risk from hacking. You need to start thinking about protecting your electronic communications, correspondence, transactions and voice communications. Below are some suggestions:
1. for more secure email, consider Hushmail. It is encrypted and so far as we know user passwords are secure
2. for secure communications for business or the enterprise consider an encrypted phone system such as FortressFone.
3. for document security consider TrueCrypt.