Clinton Foundation Gets Spear-Phished By Russians, Hires FireEye To Investigate



Reuters just reported that the Clinton charitable foundation hired the security firm FireEye to examine its network after seeing indications it might have been hacked by Russians, according to two sources familiar with the matter.

One of the sources and two other U.S. security officials told the news agency that the hackers used spear phishing to get access to the foundation’s systems, the same method used against the Democratic National Committee, Hillary Clinton’s presidential campaign and the party’s congressional fundraising committee. It is highly likely that they have penetrated the RNC and the Trump campaign as well, and know exactly what is going on there in great detail.

The hackers used the same social engineering tactics that Russian intelligence agencies or their proxies used against the Democratic groups, which looks like a clear indicator that Russians also targeted the Clinton Foundation. Russia has of course denied allegations it was involved in the hacks. Putin is a KGB spook, and you know the expression: once a spook, always a spook. That is not a world you can escape from alive.

The Clinton Foundation has not commented on the report. FireEye told Reuters it does not comment on its clients.

It's a good idea if you are at the top of an organization to set a good example. 

Especially in politics, it is a good idea to apply the policy of setting a good example, because if you don't, the fallout can be severe. Here is a well-documented example of a politician not following their department policy of taking regular security awareness training courses, and I am sure she is not the only one. This is a short quote from the Daily Caller site, 10/1/2015:

"Glaring shortcomings in cyber-security training throughout the State Department on former Secretary Hillary Clinton’s watch reflected a pervasive anti-security “culture” she encouraged there, according to multiple former intelligence and military officials.

Acting State Department Inspector General Harold W. Geisel issued six critical reports that charged top officials did not submit themselves to the department’s mandatory “security awareness training” during Clinton’s tenure. The training covers procedures for properly handling of sensitive and classified government documents and how to secure digital communications."

Well, if you have a good security technology but you don't use it, sooner or later it will bite you in the behind.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer
