In its report, the Smoking Gun said it had corresponded with the hacker, who told the site that “the feds” had been investigating him for a long time. The Smoking Gun, which identified the hacker only by the alias Guccifer, reported: “Asked if he was concerned about the FBI/Secret Service investigation that will no doubt follow shortly, he replied cryptically, ‘I have an old game with the [expletive] bastards inside, this is just another chapter in the game.’ ”
On Friday, the Bushes seem to be taking the episode in stride.
“This is upsetting, and rightly so” to the Bush family, said Ronald Kaufman, a former adviser to George H.W. Bush and a family confidant. But, he said, they would count themselves lucky if cybertheft was the worst thing that happened to them.
Security experts said that hacking e-mail accounts is not difficult. One common tactic involves sending an e-mail to a target with an attachment or link that looks authentic, thus luring the target to click on or download the file and open software that enables the attacker to steal log-in and password data. That way, the attacker can log in as the victim and gain access to his or her e-mail.
The difficult part is getting the victim to fall for the malicious e-mail — what is called “social engineering” — and applying the right “exploit” or attack tool against the targeted computer.
“The victim needs to be running software for which the intruder has a reliable exploit” that can get the credentials, said Richard Bejtlich, chief security officer for Mandiant, a security firm.
But some hackers don’t need to use malware. In 2010 and 2011, one attacker, using publicly available information, correctly guessed the answers to the “Forgot your Password?” security questions for the e-mail accounts of dozens of celebrities, including Scarlett Johansson and Christina Aguilera.
Rachel Weiner and Ellen Nakashima contributed to this report.