This week’s report from Gawker that Mitt Romney’s email account was hacked shows a surprising lapse of security judgement on the part of the US Presidential nominee for using Hotmail as his personal email – if this is indeed what happened.
Given that Mr Romney’s background is in private equity and allied financial markets, where he would have worked on managed corporate email systems with the retention and access controls that financial regulators require, the use of Hotmail is something of a jaw dropper.
Having said this, email accounts like Hotmail are free and easy to set up, so it may be that this was a disposable address created by one of his staffers, or even a supporter. If so, basic Internet security awareness in this day and age should have prompted whoever set up the account to choose password recovery questions whose answers cannot be looked up, rather than accepting the default prompts, whose answers for a public figure are usually a matter of record.
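To make that point concrete, here is an added example (my own illustration, not code from the original article or from any webmail provider) of why a recovery answer drawn from public facts is an enumeration exercise for an attacker, while a randomly generated answer kept in a password manager is not. The account owner, the "public facts" list and the stored-hash scheme are all constructed for this demonstration; nothing here models Hotmail's actual recovery logic.

```python
import hashlib
import hmac
import math
import os
import secrets
import unicodedata
from typing import Iterable, Optional, Tuple


def normalize(answer: str) -> str:
    """Fold case, accents and whitespace the way recovery prompts usually do.

    This helps the real owner type the answer back, but it also shrinks the
    space an attacker has to search: "Red Sox", "red sox" and "REDSOX " all
    collapse to "redsox".
    """
    folded = unicodedata.normalize("NFKD", answer).encode("ascii", "ignore").decode()
    return "".join(folded.lower().split())


def enroll_answer(answer: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Store a recovery answer as a salted, stretched hash, never in clear."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, 100_000)
    return salt, digest


def verify_answer(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a submitted answer against the stored hash."""
    _, cand = enroll_answer(candidate, salt)
    return hmac.compare_digest(cand, digest)


def random_recovery_answer(nbytes: int = 24) -> str:
    """A recovery 'answer' that is not derived from anything about the owner.

    It is meant to live in a password manager, not in the owner's head.
    """
    return secrets.token_urlsafe(nbytes)


def guess_from_public_facts(salt: bytes, digest: bytes, facts: Iterable[str],
                            max_attempts: Optional[int] = None) -> Optional[str]:
    """Attacker's side: try every publicly known fact as the recovery answer.

    max_attempts models a lockout or rate limit on the recovery endpoint;
    None means the endpoint imposes no limit at all.
    """
    for attempt, fact in enumerate(facts, start=1):
        if max_attempts is not None and attempt > max_attempts:
            return None  # locked out before the right fact was reached
        if verify_answer(fact, salt, digest):
            return fact
    return None


def guess_space_bits(facts: Iterable[str]) -> float:
    """Entropy of the answer, from the attacker's view, when it is one of `facts`."""
    distinct = {normalize(f) for f in facts}
    return math.log2(len(distinct))


# Constructed "public profile" of a hypothetical account owner: the kind of
# facts a biography, a news archive or a social-media page gives away.
PUBLIC_FACTS = [
    "Fido", "Rover", "Boston", "Detroit", "Red Sox", "Cranbrook", "Harvard",
    "Ann", "Mustang", "Corvette",
]


def demo() -> Tuple[Optional[str], Optional[str]]:
    # Weak: "favourite team" is answered with a fact anyone can look up.
    weak_salt, weak_digest = enroll_answer("Red Sox")
    found = guess_from_public_facts(weak_salt, weak_digest, PUBLIC_FACTS)
    # Strong: a random token the attacker cannot derive from the owner's life.
    strong_salt, strong_digest = enroll_answer(random_recovery_answer())
    not_found = guess_from_public_facts(strong_salt, strong_digest, PUBLIC_FACTS)
    return found, not_found


if __name__ == "__main__":
    weak, strong = demo()
    print("weak answer recovered from public facts:", weak)
    print("random answer recovered from public facts:", strong)
    print("attacker's search space for a public-fact answer: %.1f bits" %
          guess_space_bits(PUBLIC_FACTS))
```

Two things the example shows that the paragraph alone does not: the normalisation that makes recovery prompts usable also folds many spellings into one guess, so a rate limit counted in attempts is the only thing standing between a short list of public facts and the account; and a random answer is safe not because it is hashed (both answers are hashed the same way) but because it is not on any list the attacker can build.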
The reality, however, is that a Hotmail account is never going to be secure enough for a high profile Presidential candidate or a member of his team, and is therefore unlikely to be his sole account. Even if this email address did genuinely belong to Mr Romney, it is unlikely that his confidential campaign plans would be found on it. For others who may be contemplating similar exploits, it is worth noting that the provider’s logs make it relatively easy for law enforcement officials to trace the password-recovery request back to the IP address and session it came from, and to prosecute the perpetrator under US computer-misuse law (typically the Computer Fraud and Abuse Act rather than the wiretap statutes, which cover interception of messages in transit).
Whatever the reason for this security faux pas, Mr Romney and his campaign team need to bring their understanding of email security dramatically up to speed, especially against the backdrop of last year’s ‘Hackerazzi’ case, in which celebrities’ free email accounts were compromised by answering their password-reset questions with publicly available information.
Next month is the 16th anniversary of the introduction of Hotmail and we all know that the security threat landscape has changed significantly since 1996. I would argue against the use of Hotmail and its fellow Webmail services for all but the most benign of uses – such as a back-up personal-email-only facility.