Hacker doxes intimate email between Colin Powell and Romanian politician

Filed Under: Celebrities, Data loss, Featured, Hacked, Privacy

Colin Powell. Image courtesy of Shutterstock/StocklightGuccifer - a hacker who likes to pick on famous, powerful people - is once again poking at former US Secretary of State Colin Powell.

Powell, who had his email breached when Guccifer doxed ex-president George Bush and his Facebook page subsequently defaced, is now denying Guccifer-spawned allegations of an affair with Corina Cretu, a Romanian politician and journalist.

Guccifer in March took over Powell's Facebook page and posted images he had weaseled out of the Bush family in February.

Those photos included some taken at the Bohemian Club, a top-secret meeting of the world's male kingpins, along with a self-portrait of George W. Bush in the shower.

This time around, Guccifer reportedly hacked Cretu's email account to get at Powell.

According to Infosecurity Magazine, Powell emailed Cretu on 31 July to tell her that by hacking email addresses out of former President Bush's account, Guccifer is "driving everyone here crazy":

"The hacker gets addresses from my contact list which he got when he hacked into President Bush's account. Our security people have been chasing him for months. He may have lots of your emails, maybe not, so best to delete all between us."

Alas, that advice appears to have been, as the saying goes, a day late and a dollar short.

Guccifer was apparently already in Cretu's account.

The hacker reportedly posted tenderly yearning email messages from the Romanian politician to Powell on a Google Drive file, then publicised the drive on the Facebook account of a retired general who's also a Facebook friend of Powell's.

Guccifer also exposed the material directly to Powell's Facebook followers by posting a message on Powell's wall with a link to the Google Drive page, according to The Smoking Gun.

Guccifer also posted Cretu's email to Cryptome - an online library of documents to do with cryptography, spying, surveillance and freedom of speech.

In a statement to The Smoking Gun, Powell said there's no fire beneath the smoke of the flirty emails:

Over time the emails became of a very personal nature, but did not result in an affair. Those type of emails ended a few years ago. There was no affair then and there is not one now.

Was Ms. Cretu sloppy with her computer security? Perhaps she chose an easy-to-guess password, say?

Maybe she typed out those yearning emails to Colin Powell after having signed in to her email account using a head-bangingly silly password, such as the name of a pet?

It's a crime to hack people's accounts. Cretu was victimized, and so was Powell, and all else who get doxed in this manner.

One hates to blame the victim.

Oh, wait, scratch that! This is info security! The victim is often blamed!

Ms. Cretu, if you did, in fact, have an easy-to-guess password, I hope that in the aftermath of this incident that you start boning up on how to create one that's a bit harder to guess.

It might not be your fault, morally speaking, if your password was hacked, but there's no reason to make it easy as pie for troublemakers like Guccifer to get at your personal data.

Image of Colin Powell courtesy of stocklight / Shutterstock.com.

, ,

You might like

3 Responses to Hacker doxes intimate email between Colin Powell and Romanian politician

  1. Anonymous · 793 days ago

    I have no knowledge of this situation, but often when a famous person's account gets hacked, it's due to those "Forgot My Password" questions that a growing number of sites make you fill out with much-easier-to-research-or-guess answers. So maybe everyone chose super-strong passwords, but answered the "What is the name of your pet?" password recovery question correctly.

    • I wonder if David Cameron might be caught out by that one?

    • Juan · 790 days ago

      "...those "Forgot My Password" questions that a growing number of sites make you fill out with much-easier-to-research-or-guess answers."

      That's an excellent point. I recently established an account on a security-related website, and the password recovery security questions they asked were all pre-packaged, and all of them were stupid. Any member of my extended family (siblings, cousins, etc.) could answer most of the questions. And if any of them have been blabbing such family history on Facecrook (many of them have Facecrook accounts; I don't), others could easily discover that information.

      Such prepackaged security questions are just blitheringly stupid. How difficult is it to let the user create his/her own security questions, the answers to which ONLY the user knows? Many sites already do it.

      We have a long way to go before everyone starts taking security seriously.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.