FBI Director Kash Patel’s Personal Email Account Apparently Breached By Iranian Hackers
from the who-needs-opsec-when-you-can-party-with-hockey-players dept
Call me a sicko, but I’m almost always happy when a top-level government official’s communications get hacked. That’s because — in almost every case — either the official seems to be a bit shady, or holds a high-level position in an agency involved in some shady stuff. I mean, it’s not like hackers are targeting the head of HUD or the transportation secretary. They’re targeting people like Kash Patel, who’s currently mismanaging the FBI.
Sure, the reason these people are targeted is because their information is more useful to hackers and foreign adversaries. But there are plenty of hackers not tied to foreign entities that go after the same people with the goal of forcing the sort of transparency and accountability these people and the agencies they lead persistently resist.
(And I have no love for hackers targeting entire government agencies just to harvest sensitive info to engage in identity fraud or hold the data for ransom. Government agencies serve the public. Most top-level government officials — especially in this administration — are only serving themselves.)
So, it gives me no pleasure (well, a certain amount of pleasure) to report that Kash Patel has been hacked. Reuters was the first to report on the breach:
Iran-linked hackers have broken into FBI Director Kash Patel’s personal email inbox, publishing photographs of the director and other documents to the internet, the hackers and the bureau said on Friday.
On their website, the hacker group Handala Hack Team said Patel “will now find his name among the list of successfully hacked victims.” The hackers published a series of personal photographs of Patel sniffing and smoking cigars, riding in an antique convertible, and making a face while taking a picture of himself in the mirror with a large bottle of rum.
A picture is worth a thousand words. And I don’t mean to malign the messenger, but perhaps some better words might have been chosen to describe the photos seen by Reuters reporters. “Selfie with a bottle of rum” maybe doesn’t quite capture the entire essence of this photo, but it’s far less unwieldy than “making a face while taking a picture of himself in the mirror with a large bottle of rum.”
That bit of mild criticism aside, the report is a bit of a blockbuster. First, the FBI has already confirmed this hack by Handala, which seems counter to its usual insistence on pretending things didn’t happen and/or insulting the press for reporting on it.
Second, while it probably contains some juicy stuff from Patel’s Gmail account, it doesn’t contain the stuff we really want to see: his communications since being elevated to FBI director.
Alongside the photographs of Patel, the hackers published a sample of more than 300 emails, which appear to show a mix of personal and work correspondence dating between 2010 and 2019.
The FBI’s statement is correct insofar as this breach seems to contain nothing more than “historical” communications. But the second part of the statement — that this “involves no government information” — cannot possibly be true.
This is from TechCrunch’s report on the breach, following the journalists’ attempts to verify the contents of communications shared by Handala:
We used a tool to verify several emails in the leaked cache of files that were sent by Patel from his Gmail account. These emails contained cryptographic signatures that matched the messages, which strongly suggests that the emails we checked are authentic. In some cases, Patel appears to have sent emails from his former Justice Department email address in 2014 to his Gmail account. TechCrunch found that the emails sent from Patel’s DOJ account also appeared to be authentic.
Sure looks like “government information” to me. And it’s especially notable because Patel decided OpSec is for other people by sending DOJ email to his personal inbox. If he had just done the sort of stuff he would logically be expected to do as (in order) a federal prosecutor and the goddamn deputy director of national intelligence during Trump’s first term, none of that would have ended up exposed by the Handala hack.
All of this makes it very difficult to believe the FBI’s assertion. Either it has already managed to look through everything accessed by the hackers (maybe?) or it’s just taking its boss’s word for it (probably). Either way, not a great look. But if we’ve learned anything from the multiple OpSec failures that have defined Trump’s second term, nothing will happen to Patel for violating internal rules governing official US email account security. No one will learn anything from this directly. But if there’s anything Iran can use against us slid between the cigar-sniffing and rum selfies, we — as a nation — might learn a few things indirectly.
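The “cryptographic signatures” TechCrunch checked are, in all likelihood, DKIM signatures: the per-message RSA signatures that Gmail and most large providers attach on send, which let a third party confirm a leaked message really left the sender’s mail servers unaltered (I am assuming DKIM here; neither the article nor the quoted report names the mechanism). The part of that check that needs no network and no crypto library is shown below as an added example that is not from Techdirt, Reuters or TechCrunch: it recomputes the body hash the bh= tag commits to under relaxed canonicalization, and assembles the exact header bytes the b= signature covers. The message, domain, selector and body are constructed for the example; the bh= value in the sample is filled in by the same function so it runs offline. Verifying b= itself additionally needs the signer’s public key from the selector._domainkey.domain TXT record and an RSA implementation, which is what a tool such as dkimpy does, with the caveat that selectors from 2014 may since have been rotated out of DNS.

```python
"""DKIM body-hash (bh=) check and signed-header reconstruction, stdlib only."""
import base64
import hashlib
import re

# Constructed sample body: mixed whitespace and trailing blank lines so
# relaxed canonicalization has something to normalize.
SAMPLE_BODY = b"Hi,\r\n\r\nSee   attached.  \r\n\r\n\r\n"


def split_message(raw: bytes):
    """Split an RFC 5322 message into header block and body at the first blank line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return head, body


def unfold_headers(head: bytes):
    """Group folded continuation lines with their header; CRLFs are removed later."""
    lines = []
    for line in head.split(b"\r\n"):
        if line[:1] in (b" ", b"\t") and lines:
            lines[-1] += b"\r\n" + line
        else:
            lines.append(line)
    return lines


def relaxed_header(line: bytes) -> bytes:
    """RFC 6376 3.4.2: lowercase name, unfold, collapse WSP, strip around the colon."""
    name, _, value = line.partition(b":")
    value = value.replace(b"\r\n", b"")
    value = re.sub(rb"[ \t]+", b" ", value).strip(b" \t")
    return name.lower().strip(b" \t") + b":" + value


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse WSP, strip trailing WSP, drop trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", l).rstrip(b" \t") for l in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(l + b"\r\n" for l in lines)


def body_hash(body: bytes, algo: str = "sha256") -> str:
    """The value a signer puts in bh=: base64(hash(canonicalized body))."""
    digest = hashlib.new(algo, relaxed_body(body)).digest()
    return base64.b64encode(digest).decode()


def parse_tags(sig_value: bytes) -> dict:
    """Parse 'k=v; k=v' tag list; folding whitespace inside values is insignificant."""
    tags = {}
    for item in re.sub(rb"\s+", b"", sig_value).split(b";"):
        if b"=" in item:
            k, v = item.split(b"=", 1)
            tags[k.decode()] = v.decode()
    return tags


def _signature_header(headers):
    return next(h for h in headers if h.lower().startswith(b"dkim-signature:"))


def check_body_hash(raw: bytes) -> bool:
    """True if the body still matches the bh= the signer committed to."""
    head, body = split_message(raw)
    tags = parse_tags(_signature_header(unfold_headers(head)).partition(b":")[2])
    body_canon = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    if body_canon != "relaxed" or "l" in tags:
        raise ValueError("example handles relaxed body canonicalization without l= only")
    algo = "sha1" if tags.get("a", "").endswith("sha1") else "sha256"
    return body_hash(body, algo) == tags["bh"]


def signed_header_block(raw: bytes) -> bytes:
    """The bytes the RSA signature in b= actually covers (relaxed header canonicalization)."""
    head, _ = split_message(raw)
    headers = unfold_headers(head)
    sig = _signature_header(headers)
    tags = parse_tags(sig.partition(b":")[2])
    remaining, out = list(headers), []
    for name in tags["h"].split(":"):
        # RFC 6376 5.4.2: each listed name consumes the last not-yet-used header of that name.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i].lower().startswith(name.lower().encode() + b":"):
                out.append(relaxed_header(remaining.pop(i)))
                break
    # The DKIM-Signature header itself goes last, with b= emptied and no trailing CRLF.
    sig_canon = re.sub(rb"(?<=[; ])b=[^;]*", b"b=", relaxed_header(sig))
    return b"".join(h + b"\r\n" for h in out) + sig_canon


def build_sample(body: bytes = SAMPLE_BODY) -> bytes:
    """Constructed message; bh= is computed here only so the demo is self-contained."""
    bh = body_hash(body).encode()
    head = (
        b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
        b" s=sel2014; h=from:to:subject:date; bh=" + bh + b";\r\n"
        b" b=AAAA\r\n"  # placeholder; a real message carries the RSA signature here
        b"From: Sender <sender@example.com>\r\n"
        b"To: Someone <someone@example.net>\r\n"
        b"Subject:   Forwarding   a file\r\n"
        b"Date: Tue, 04 Mar 2014 10:00:00 -0500\r\n"
    )
    return head + b"\r\n" + body


if __name__ == "__main__":
    intact = build_sample()
    tampered = intact.replace(b"See   attached.", b"See attached; the password is hunter2")
    print("intact body matches bh=:  ", check_body_hash(intact))
    print("tampered body matches bh=:", check_body_hash(tampered))
    print(signed_header_block(intact).decode())
```

A matching bh= only shows the body is the one the signer hashed; it is the b= check against the domain’s published key that ties the message to Google’s servers, and a forger who controls the whole message can trivially make bh= consistent. The useful property for leak verification is that bh= and b= together cover exactly the header fields listed in h=, so a verifier should confirm that From, Date and Subject are in that list before treating a match as proof of what was sent and when.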
Filed Under: breach, doj, fbi, handala hack team, kash patel, trump administration
Companies: gmail


Comments on “FBI Director Kash Patel’s Personal Email Account Apparently Breached By Iranian Hackers”
I don’t want to run around defending Kash Patel, but I send emails from my work email to my personal email. They’re not about work things. They’re not work information. If that’s all he did, then I’d say he didn’t expose any government information.
Now, if you were to ask me if the above were likely, well, no I don’t think so. But a personal grocery list (for example) coming out of someone’s government email address does not make it government information.
Re:
He isn’t a fucking BMW salesman, he’s the pedophile-defending director of the FBI.
There should be no cross contamination at all.
Who wants to bet his password was “Passw0rd” or “SecretAgentMan69”?
You're mean
You don’t like Patel because he’s cross-eyed. So unfair! He is doing terrific work, like making sure the US men’s hockey team is boozing it up properly. That is so important to the safety and security of the US! Who cares about email security when he needs to be practicing keg stands with Hegseth? Or is that Kegseth?
If the hackers did get hold of material that’s more damning than a few silly selfies, then they’d probably withhold it for now, and publish it when it can do a maximum of damage.
Also by keeping data that is no longer needed, and by keeping it in an e-mail account—and one run by another entity, and probably with a bad password.
Good OpSec, by the way, would also have one avoid creating records unnecessarily. I’m not sure that really applies in this case, as there doesn’t seem to be anything all that embarrassing or incriminating. But a good way to avoid pictures of one’s naked body being published, for example, is to not take those pictures, and not even take one’s clothes off with an uncovered camera in the area (there’s a reason why, if you go to a security conference, many of the experts will have tape over their laptop cameras—they know how trustworthy and reliable software is). Similarly, never do a web search while logged into the search engine.
But, to the extent data does need to exist, have a plan on when and how to delete it—including reviewing the policies of service providers and putting in deletion requests, if applicable.
Don’t we already know from the Hillary Clinton ‘butter emails’ saga that Kash Patel is now on the hook for a death sentence without trial as a direct result of forwarding the DOJ address to his personal inbox?
But his emails...
His email messages are the smallest problem here. Any competent adversary would go through them (and no doubt has) and look for credentials or other information tied to other accounts. This is tradecraft 101: use initial access to escalate to secondary access…because it’s the secondary targets that may be far more valuable.
This includes things like new account access credentials, password reminders, password resets, shipping notifications, sales invoices — anything that would make it possible to get into everything else. And if any of that has significant value, any competent adversary is unlikely to reveal that they’re anywhere near it until after they’ve done as much damage as they can.
So the big story here isn’t his email account: yeah, whatever. It’s his other accounts. What else did he have, what was in those, and how bad is the damage to US security?
Good thing that (unlike Hillary) he wasn’t conducting government business on his personal account, isn’t it?
They were only able to access “historical communications”?
That’s a relief. For a minute there I thought that the hackers were in possession of time travel technology. Good thing they weren’t able to steal any emails that he hasn’t sent yet…