Intel Chief Gabbard Failed Basic Cybersecurity Protocol For Years

Once again, Wired did the digging and got the scoop about the woman who should never have been nominated, much less confirmed, as the director of national intelligence:

WIRED reviewed Gabbard’s passwords using databases of material leaked online created by the open-source intelligence firms District 4 Labs and Constella Intelligence. Gabbard served in Congress from 2013 to 2021, during which time she sat on the Armed Services Committee, its Subcommittee on Intelligence and Special Operations, and the Foreign Affairs Committee, giving her access to sensitive information. Material from breaches shows that during a portion of this period, she used the same password across multiple email addresses and online accounts, in contravention of well-established best practices for online security. (There is no indication that she used the password on government accounts.)

Two collections of breached records published in 2017 (but breached at some previous unknown date), known as “combolists,” reveal a password that was used for an email account associated with her personal website; that same password, according to a combolist published in 2019, was used with her Gmail account. That same password was used, according to records dating to 2012, for Dropbox and LinkedIn accounts associated with the email address tied to her personal website. According to records dating to 2018 breaches, she also used it on a MyFitnessPal account associated with a me.com email address and an account at HauteLook, a now-defunct ecommerce site then owned by Nordstrom.

Wired noted, without comment, that “Records of these breaches have been available online for years and are accessible in commercial databases.” It suggests yet again that the Trump administration either did a terrible job of vetting or else just didn’t care that the “stunningly unqualified” Gabbard was so careless with what could have been national security. Once a password is breached for one account, hackers will try to use it to access others, Wired pointed out. “Reusing passwords is especially dangerous with email, because a compromised email account can be used to reset credentials for other accounts or systems.”

Oh, and by the way? The password is associated with the Science of Identity Foundation, which Wired described as “an offshoot of the Hare Krishna movement into which she was reportedly born and which former members have accused of being a cult.”