you've got hacked

Why Rich, Famous, and Old People Need to Ditch Their AOL E-mails

Photo: AOL

We don’t yet know the exact technological high jinks used by the hacker Guccifer to access the Bush family’s e-mails (thus gifting the public W.’s bath time self-portrait), but we have a pretty good guess of where it started. The Smoking Gun reports that among the six separate accounts compromised, one was the old-school AOL address of George H. W. Bush’s daughter Dorothy Bush Koch. For reasons we cannot comprehend, some of the most important people in the world (who also happen to be old) have not yet migrated to Gmail, the generally agreed upon leader in e-mail technology, opting to stay with an out-of-date service (see also: Yahoo, Hotmail, Earthlink) and leave themselves vulnerable to security breaches that don’t even require any expertise.

Back in 2011, Ben Smith explored the “generation of the political and media elite” who keep AOL accounts: “virtually the only people I email at AOL accounts are bigshots — people who were already so important by the time the various new fads (and technical advantages) arrived that they couldn’t be bothered to switch, and had nothing to prove to anyone.” On his list at the time: David Alexrod, Matt Drudge, David Brooks, and more. Add to that at least one member of the Bush clan, whose personal business is now out there for the universe to see.

After tech writer Mat Honan had his “entire digital life” hacked in an hour, he wrote “Why a String of Characters Can’t Protect Us Anymore” and specifically singled out AOL:

Our digital lives are simply too easy to crack. Imagine that I want to get into your email. Let’s say you’re on AOL. All I need to do is go to the website and supply your name plus maybe the city you were born in, info that’s easy to find in the age of Google. With that, AOL gives me a password reset, and I can log in as you.

Others concurred: “After navigating to AOL, I clicked the Login link and then clicked the ‘Forgot password’ link to get to a very friendly, step-by-step process for resetting the password on an account. As Honan predicted, it offered to let me reset my password if I could supply my home town and another piece of personal information such as my birthday.” It can be that easy.

When Sarah Palin’s Yahoo account was hacked, the path was similar: “he hacked into the e-mail account using the password ‘popcorn’ which he managed to reset by successfully answering her security question ‘Where did you meet your spouse?’ by Googling for the answer.”

Hacking is, in some ways, like dominoes — one piece falls and the rest follow. Cracking a second-tier e-mail account, like Dorothy Bush Koch’s, with barely any effort, could have exposed Guccifer to all kinds of private info, including the personal e-mail addresses of other friends and family on which to try the same tricks. All the hacker has to do once they’re inside is sit around and watch to collect more clues and loopholes.

Google, on the other hand, is better about letting users know when and where their accounts were accessed from. The two-step verification process (get familiar!) is not difficult to use and “drastically reduces the chances of having the personal information in your Google Account stolen by someone else.” As Honan wrote:

Google is already … going beyond two-factor to examine each login and see how it relates to the previous one in terms of location, device, and other signals the company won’t disclose. If it sees something aberrant, it will force a user to answer questions about the account. “If you can’t pass those questions,” Smetters says, “we’ll send you a notification and tell you to change your password—because you’ve been owned.”

Grandchildren and personal assistants everywhere owe it to their elders to take a deep breath and patiently get them set up for 2013, especially if their last name is Bush.

Bush AOL E-mail Account Probably Hacked Easily