Clinton Foundation Gets Spear-Phished By Russians, Hires FireEye To Investigate

Stu Sjouwerman | Aug 18, 2016

Reuters just reported that the Clinton charitable foundation hired the security firm FireEye to examine its network after seeing indications that it might have been hacked by Russians, according to two sources familiar with the matter.

One of the sources and two other U.S. security officials told the news agency that the hackers used spear phishing to get access to the foundation’s systems, just like the Democratic National Committee, Hillary Clinton’s presidential campaign and the party’s congressional fundraising committee. It is highly likely that they have penetrated the RNC and the Trump campaign as well, and know exactly what is going on there in great detail.

The hackers used the same social engineering tactics as Russian intelligence agencies or their proxies used against the Democrat groups, which looks like a clear indicator that Russians also targeted the Clinton Foundation. Russia has of course denied allegations it was involved in the hacks. Putin is a KGB spook, and you know the expression: once a spook, always a spook. That is not a world you can escape from alive.

The Clinton Foundation has not commented on the report. FireEye told Reuters it does not comment on its clients.

It's a good idea if you are at the top of an organization to set a good example. 

Especially in politics it is a good idea to apply the policy of setting a good example, because if you don't the fallout can be severe. Here is a well-documented example of a politician not following their department policy of taking regular security awareness training courses, and I am sure she is not the only one. This is a short quote from the dailycaller site 10/1/2015:

"Glaring shortcomings in cyber-security training throughout the State Department on former Secretary Hillary Clinton’s watch reflected a pervasive anti-security “culture” she encouraged there, according to multiple former intelligence and military officials.

Acting State Department Inspector General Harold W. Geisel issued six critical reports that charged top officials did not submit themselves to the department’s mandatory “security awareness training” during Clinton’s tenure. The training covers procedures for properly handling of sensitive and classified government documents and how to secure digital communications."

Well, if you have a good security technology but you don't use it, sooner or later it will bite you in the behind.
