So as I was boarding a plane today I heard the breaking news about Colin Powell's email being "hacked" and the some emails were released that embarrass both presidential candidates, Clinton and Trump. The press seem to putting a lot of emphasis into the hackers pwned an email server somewhere, which I'm about 95% pretty sure that wasn't the case.
So you might be asking "OK Mr. Smarty-Pants, how did they get his email?". Well, to be frank, it was probably his fault. Let me explain.
In today's world, manufactures have made using electronic devices extremely easy to use with no training, unless that person seeks it out themselves. Don't believe me? Hand a tablet/smartphone to a child and watch how fast they are able to interface with the device. I have a funny video of my 2 year old grandson who was used to an iPad, walked up to his families new flat screen TV that had Netflix displayed and start to swipe the screen. Funny thing was my daughter who was Chrome Casting Netflix from her phone, swiped when he swiped making him think the TV was in fact a touch-screen.
Just proves the point how simplistic manufactures are making their devices. Now to prove it was more than likely Colin Powell's fault he got hacked, let's talk for a second about how emails work.
NOTE: FOR YOU EMAIL ADMINS AND TECHNICAL FOLKS, I'M GOING TO SIMPLIFY THIS A BIT SO OTHERS CAN FOLLOW THIS AS WELL.
So when you send an email, your message is broken up into tiny fragments of packets. Think of them as "packages" that you're going to ship. When you ship something, you mark on the package a RETURN address and a SHIP TO address. Also if there are multiple "packages" in the shipment, you'd mark each one with a "1 of 5", "2 of 5" and so on. This helps the person you're sending the "packages" to know what to expect and if they've gotten all the "packages". Well, emails work the same way. Instead of a RETURN address, we have "source address" which typically would be your email providers server(s). And instead of a SHIP TO address, we have a "destination" address which is the email server for the person that you're sending the email to. So if Bruce Wayne ([email protected]) was sending an email to Clark Kent ([email protected]), we'd have a source address of the email server for gotham.city (typical the name of the server is "mail".) which might be mail.gotham.city. And the destination address would be something like mail.dailyplanet.com. Each packet would also have a number sequence like 1 of 5, 2 of 5, etc. Now packets don't arrive in the order that they are sent, this sequence number helps the email server (mail.dailyplanet.com) reconstruct the email. The email server then is responsible for delivering the reassembled email to the "Inbox" of Clark Kent.
Now think about that for a second....everyone's emails are being broken down into small packets, those packets go across the internet with everyone else's emails PLUS everyone's web page requests are going across (yep these are broken down into small packets too), PLUS your Facebook posting, Instagram postings, watching your kids on a web cam, Facetime, controlling your Nest thermostat, the list goes on and on. Everything is broken down in to small packets. So, someone picking up your email via these packet are extremely unlikely.
So how does someone's email get "hacked"? Well, it first starts with the fact that manufactures/software vendors are rushing to be the easiest and best and we as a society gobble them up with no concern or concept of what's happening behind the curtain.
This creates an issue with this is two fold 1) Each device that we hook into the internet and every app that we install requires a user account and password and 2) We think that since the device is easy to use, our concept of user account and passwords should be easy as well. It's kind of like the whole lock and key thing. Anyone remember when we had to deal with 2 different keys for our cars? One key unlocked the doors and started the car, the second key was for the trunk
(yeah yeah, you young ones out there are saying "You had actual keys for cars?! ;-)).
"So Dale, what two thing can I do to help stop my email from getting hacked?". Well, technically there's more than two, but I teased you with that in the title because it goes back to the whole "we want things to be easy" issue....see what i did there! ;-)
1) If you've attended any of my live training's or Pluralsight courses you know that my biggest pet-peave is weak passwords. So let's all together start creating STRONG passwords. Remember those are passwords that are at least 14 characters, no real words AND.... now raise your right hand and repeat after me "I will NOT recycle/reuse my passwords".
Now I now what you're thinking "Holy cow Dale, how do I remember all these long passwords. I've got over 20 apps, I'm not that smart!". Well, neither am I.
Excuse me, while I turn on my commercial spokesman voice. That's why I use a password manager app like LastPass. I know, I know there are other products out there too, I'm just telling you what I know best ;-). Now the trick here is that these products will help you create, remember and fill in passwords for websites, apps and store confidential information, but they have a "master" password to unlock the app so that someone else can't use the app against you. Now when it comes to this "master" password, please for the love of Pete, use a STRONG password. If someone is able to guess this, you'll be giving them the mother load.
2) So that's great, you just created a strong password for your Gmail, Outlook, Yahoo, corporate account(s)...but you sent an email to Lois Lane and her password for her email account is "Superman"...yeah, way to go Lois. So from a hacker's perspective, there are two possible targets; Your email account and the email accounts of people you're known to communicate with. This is actually one of the ways that the FBI recovered the "deleted emails" of Hilary Clinton. She might have deleted her copy of emails on her server, but she can't delete the copies of emails that she sent to government workers that were being stored on government email servers. Now the only way you can prevent this way of being hacked is by teaching and sharing your knowledge about STRONG passwords to your friends and families. Hey, you can even send to a them my way and I will teach them about strengthening their passwords. [End personal plug]
3) Change your passwords more often then ever 4 years! I personally change mine (because my Password Manager App helps to remind me) every....PHYSIC! Like I'm gonna tell you I change my passwords every 3 months....oh crap.
4) Stop clicking on links in emails from people you don't know, and for that matter be careful on links from people you DO know.
5) Mix up your "Password Recovery" questions. You know, the ones you get asked when you forget your password. The famous "What's your dog's name", "What high school did you go to", "Whats your mother's maiden name", etc. You know, all the stuff I can easily get from your Facebook, Instagram or Twitter pages. What I mean by this is if the question you want to choose is "What's your dogs name?" Answer it with someone other than your dogs name! How about use your nick name growing up? Or how about just a word that means something to you, but has no relationship to question. Misdirection is the only way to slow or discourage hackers.
6) Truly learn what your devices and apps are doing. Does anyone here just show up to a car lot and say "I'd like to buy a car...I don't car what kind it is, how many doors it has, I just want one with a lot of pretty lights, cup holders and other shinny objects...and I don't plan on reading the owners manual, plus I really don't want to be bothered with things like oil changes or how good my tires are". Do get the picture? These devices and apps can be cool and make life really fun and easier, but if you buy a new device or installing a new app just because everyone else is and you're not educating yourself about it's features and options, then let me be blunt. You deserve to get pwned.
6) Stop using email. :-) I know that's not really a solution in today's world, but I had to throw it in, because it would stop your emails from getting hacked!
Now let go out there and be safe!