• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Pence’s AOL Hacked – Daily Security Byte

March 13, 2017 By Corey Nachreiner

During the U.S. Presidential election, Hillary Clinton took a lot of heat for her use of a private email server for sending and receiving government related email. Politics and motive aside, Clinton’s use of a private email server was controversial because it put potentially confidential government emails outside the control and oversight of official government channels. While FBI investigators found no criminal wrong doing in this case, they did share that handling sensitive information in this way was careless and reckless.

As it turns out, Clinton is not the only one reckless in her data security. One of her greatest opponents and critics, Mike Pence, also used personal email services to send sensitive government correspondence. According to Indy Star, Pence used an AOL email account to send government related emails. Worse yet, his AOL account was hacked by a common cyber criminal. In this video, I share my thoughts about this case, and why I believe using a personal cloud email service is as bad as using a private email server.

Episode Runtime: 9:52

Direct YouTube Link: https://www.youtube.com/watch?v=krnJMen4fdY

EPISODE REFERENCES:

  • Pence used personal email account for state business – Indy Star
  • Email hacking is only getting started – Wired

Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Infosec news

Comments

  1. Alan says

    March 13, 2017 at 11:18 am

    “Mike Pence, also used personal email services to send sensitive government correspondence. According to Indy Star, Pence used an AOL email account to send government related emails. ”

    First of all, your source is a liberal leaning media outlet. Secondly, the statement was not that he sent SENSITIVE government-related emails., but simply government related emails. Thirdly, his state does not forbid him from using a private email account or require him to use a secure governmental mail system. He met all requirements of their law by allowing those who needed access to verify his use, unrestricted access to his account.

    Now, if you want to discuss the merits of using cloud or unsecured email systems, then I am all ears; however, if you want to preface your article with politicized, inaccurate and misleading crap, then count me out. Stick to what you know, not what you fantasize about in that convoluted meatball you call a brain.

    Reply
  2. Brent Bates says

    March 13, 2017 at 11:31 am

    Hi Corey,

    I agree that Pence probably messed up, but wasn’t that email sent and received while he was governor and not as Vice President. I am not sure his state had the same requirements for email as the federal government. They should have.

    Pence’s state miss-use did not rise anywhere to the level of Clinton’s federal miss-use.

    Still not wise.

    Reply
  3. Nobody says

    March 14, 2017 at 1:15 pm

    It wasn’t illegal or against the rules for the governor of Indiana to use a Gmail account, but it was illegal and against the rules for the Secretary of State to use a private e-mail server.

    Reply
  4. KDE says

    July 5, 2017 at 1:12 pm

    The hack occurred when Pence was governor of Indiana. In the state of Indiana, it is perfectly legal to use email for work, and in fact you could argue that he needed a private account because it is ILLEGAL in the state for a government official to use a work account for political business. He had access to much less-sensitive information than Hillary Clinton, Secretary of State.

    Compare to Hillary again. Hillary, Secretary of State, knew what she was doing when she had her aides destroy her phones with a HAMMER and wipe her systems with “like a cloth or something” AKA BleachBit. This takes things to a whole other level. The investigation into Hillary’s email scandal isn’t over and is still being litigated. Clinton exclusively used her private account for work, something no Secretary of State has ever done before, yet there is no evidence Pence used his exclusively for work or that it was any different than any past governors’ use of their private accounts.

    For Hillary, it was encouraged that she was supposed to use her work account especially for security sake, and they were supposed to be easily archived and accessible. She ignored those protocols.

    She didn’t hand over all her work-related emails according to the FBI. They felt there was enough in her email account to launch an investigation. There is no investigation into VP Pence’s breach. Comey said what she did was wrong, but DECIDED not to prosecute. This doesn’t mean what she did wasn’t criminal. Hillary lied about sending and receiving classified material.

    From Washington Post: “Using a private account if you’re the governor of Indiana, where it’s legal to do so and you’re ostensibly dealing with much less-sensitive information, is much different than using a private email account exclusively to do work as secretary of state,who has access to many if not most of the nation’s top secrets.” https://www.washingtonpost.com/news/the-fix/wp/2017/03/03/why-mike-pences-private-email-account-is-way-different-from-hillary-clintons/

    No security is 100%, and I am not excusing VP Pence’s mistake (which actually turns out having a private account may have been a necessity based upon Indiana law) but to compare it to Hillary’s private email server and to even suggest it is worse without considering the laws and circumstances surrounding the nature of the data and persons involved is quite frankly breathtaking.

    Security doesn’t operate in a vacuum, and I am not in agreement with your analysis on this one. Thanks for listening!

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • 3CX Supply Chain Attack
  • Here Come The Regulations

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 3CX Supply Chain Attack
  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use