Cyber Insecurity And An Ill-Placed Typo May Have Decided The Election. Here's How To Protect Yourself.

It's time to get smart.

The United States election may have been altered by one of the most basic, primitive kinds of phishing scams on the Internet. According to a New York Times breakdown of how Russia reportedly unleashed a cyber attack on the United States, the cyberespionage team broke into the emails of John Podesta, the chairman of Hillary Clinton's campaign, with a basic phishing scam you've probably seen in your Gmail.

Based on information from the CIA, FBI and several people involved in the hack, The Times laid out a fascinating tale of how hackers influenced the U.S. election this year. The first successful mark was Billy Rinehart, a former Democratic National Committee regional field director who was working for Clinton's campaign. He got an email from a fake Gmail account, urging him to change his password. 

"Someone just used your password to try to sign into your Google account," the email said, according to The Times. "Google stopped this sign-in attempt. You should change your password immediately."

Rinehart, who was awake at 4 a.m. in Hawaii to communicate with East Coast colleagues, followed the link provided in the email and changed his password. He remembered the notification telling him the sign-in attempt happened in Ukraine. Unknowingly, he had just given over his Gmail account to a group of hackers who have since been linked to the Russian government.

Not long after, a similar email was sent to Podesta. One of his aides, Charles Delavan, noticed the email and replied.



John Podesta following the Oct. 13 presidential debate. Joseph Sohm / Shutterstock.com.

"This is a legitimate email," Delavan wrote.  "John needs to change his password immediately."

But it wasn't a legitimate email. In fact, Delavan knew that the email was a phishing scam. His email contained a small, election-defining typo.

"He said he had meant to type that it was an 'illegitimate' email," The Times reported. "An error that he said has plagued him ever since."

And just like that, a decade's worth of emails — close to 60,000 — were open for the hackers to take. 

If you've paid attention to the election, you probably know where the story goes from there. Over the course of months, Wikileaks began releasing the emails slowly to the public. They contained damaging information about the Clinton campaign and the DNC: apparent favoritism of Clinton's candidacy over that of Sanders, aides making disparaging remarks about their candidate, transcripts of speeches that were previously private, cozy-looking interactions between press and the campaign, and questionable conversations between Clinton Foundation representatives who seemed to leverage donations for access to the Clintons. The email leaks and all that they represented spiralled out of control, dealing damage to the campaign that, on Election Day, Hillary Clinton wasn't able to overcome.

Delavan's typo and Rinehart's successful phishing arguably decided the election.

Which begs an important question: how could some of the most important government officials in our country fall for such a scheme? 

The truth is, phishing schemes like this — and cyber security in general — are becoming more and more relevant every day. The DNC and Podesta weren't alone: major hacks have hit Yahoo!, Netflix and Sony in recent years. Fortunately, a few basic tips and rules can help preserve your privacy.

Below, we've put together some advice from Kevin Mahaffey, the CTO of Lookout, a mobile security company based in San Francisco.

1. Generate and store random passwords for every account you have.

Mahaffey warns that having one password for all your accounts and devices is a dangerous game. So, too, is having a password that you came up with. Oftentimes, someone trying to gain access to your account will first try to break your password using names, dates and numbers that are related to you.

If you use a password generator that gives you a random password for each of your accounts, you have a much better chance of being safe. Once you have a series of different and random passwords for all your accounts, you need to file them somewhere that is also password protected.

2. Make sure the password that gives access to your passwords is extremely strong (and memorable).

Mahaffey suggested thinking of a completely absurd scene, and then inserting numbers into it to create the ultimate password. 

"Sparkly amoebas (in) Prague dining (with the) Pope," he offered as an example. Just put it all together and add a number or two, and you come out with "7sparklyamoebasPraguediningPope." 

After you have this one totally random, memorable password, you can lock all of your passwords away in a password manager like LastPass.

3. Use multi-factor authentication.

Multi-factor authentication will require you to enter a passcode sent to your phone anytime you try to log in to an important account — like your bank or email — when signing in from a new device.

It typically will require the same multi-factor authentication as a security check every 30 days. This way, if someone nabs a password, they will still need the code that's sent to your phone in order to get into the account. 

4. Think before you click!

Someone should have given this advice to the DNC. 

"Phishing is an old trick, yet still wildly effective," Mahaffey said. "Attackers are using it over email, SMS messages, and even messaging apps."

The Anti-Phishing Working Group, a "global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime," says that in the first quarter of 2016, there were more attempted phishing attacks than at any time in history. 

So if you get an email, message or anything else from a source you don't know, be careful about clicking links or downloading. Same goes with downloading things from the Internet: be wary of any applications or movies coming from sources that aren't Amazon, Microsoft, Apple and Google. And never, ever give anyone your password.



5. Update your devices.

Oftentimes, software updates are related to vulnerabilities hackers have found in a new operating system. If your device — a computer or smartphone — recommends an update, you should do it. You can also set your apps to auto-update.

6. Be careful using public Wi-Fi.

Accessing public Wi-Fi may be safe, but just know that you can be spied upon. Never do sensitive work (like banking) while on a public Wi-Fi account and never download any apps or profiles in order to connect to the network. Typically, that's a sign that someone is trying to hack your device.
