Kerry said that a hack of his email was not “outside the realm of possibility,” adding, “we know they have attacked a number of American interests over the course of the last few days.” Kerry referred to the recent hacks of the Office of Personnel Management (OPM), which lost personal data on millions of government employees during a June breach that U.S. officials attributed to Chinese hackers, and the Joint Chiefs of Staff email, which was accessed in a July breach blamed on Russian intruders.
Although Kerry acknowledged the possibility that his emails are not private, he told Pelley, “I certainly write things with that awareness,” suggesting that he was careful not to put sensitive information in email.
“Spying has taken place for centuries and the latest means of spying is to be going after peoples’ cyber,” Kerry explained. He said the U.S. government was investing billions of dollars into protecting itself against future data breaches.
The Joint Chiefs of Staff email system was taken offline for over two weeks after a breach U.S. officials said was likely orchestrated by Russian hackers. No classified information was lost, Slate reports, but attackers did access the president’s daily schedule.
However, Carnegie Mellon University professor and cybersecurity expert Jason Hong cautioned that classified information was not necessary to make the information accessed in the hack valuable. Hong said that the emails could be used to orchestrate a spear-phishing attack.
“The goal of spear phishing is to fool people into circumventing all of their own cybersecurity defenses, tricking people into sharing their password, replying with sensitive documents, or installing malware,” Hong explained. With more information about how potential hacking targets communicate, hackers could more easily impersonate them and trick others into sharing sensitive information, Hong said.
