DOCUMENT: Internet, Crime

Bush Hacker's Victims Include U.S. Senator

Lisa Murkowski's Yahoo, Flickr accounts breached

FEBRUARY 14--As federal agents hunt for the culprit who illegally accessed several Bush family e-mail accounts, The Smoking Gun has learned that the hacker’s victim list also includes a U.S. Senator, a senior United Nations official, security contractors in Iraq, two former FBI agents, and a Department of Defense supervisor.

The hacker, who uses the alias “Guccifer,” apparently began the breaches last year, with infiltrations of the AOL accounts of Dorothy Bush Koch, sister of George W. Bush (and the youngest child of George H.W. Bush), and Bush family friends Willard Heminway, 79, and Jim Nantz, the CBS sportscaster.

While Dorothy Bush Koch’s account yielded the hacker a trove of sensitive e-mails, documents, and photos about the Bush clan--including correspondence to and from the two former presidents--other compromised accounts were also raided for intimate information about the political dynasty.

For example, the hacker broke into the AOL account of Scott Pierce, the 82-year-old brother of Barbara Bush, and accessed correspondence between him and the 87-year-old former First Lady. The hacker also infiltrated the Comcast e-mail accounts of Josephine Bush, sister-in-law of the 41st president (and mother of Access Hollywood host Billy Bush), and Patricia Legere, a Bush family friend (and former Miss Maine).

The illegal incursions gave the hacker confidential details about the Bush family’s travels, illnesses, and whereabouts. But while able to access AOL and Comcast accounts, the hacker does not seem to have broken into the personal e-mail accounts of either former president, both of whom send and receive mail via specific domains established for their post-presidential offices.

In e-mail exchanges, the perpetrator did not reveal a motive for the hacks or details about how they were engineered over the past several months. But it seems likely that certain targets were identified by the hacker’s perusal of e-mail accounts that had already been compromised. This daisy chain approach likely explains how members of the Bush family’s inner circle were targeted. One of the hacker’s victims surmised that their e-mail account was a “domino” that had fallen in sequence.

In most instances where a TSG reporter contacted a victim, they were unaware that their e-mail account had been compromised.

One victim who had learned of the incursion said that the hacker had also rummaged through several other online accounts, including an IRA account. When the victim checked with representatives of the financial institution, she was told her retirement account had been accessed via an IP address that traced back to the Russian Federation. Hackers routinely go to great lengths to mask their actual IP addresses via proxy servers and powerful anonymizers that can make it appear they are committing crimes from the other side of the world.

When asked about the breadth of their illegal activity, the hacker offered that, “I have some 40 high profile victims,” including politicians, show business figures, and diplomats. While claims like this often amount to nothing more than bluster, the hacker’s assertions are more than wishful thinking.

E-mail records and screen grabs reveal that the hacker’s other victims include:

 •  U.S. Senator Lisa Murkowski. The Alaska Republican’s Yahoo e-mail account was broken into last year. Access to the Yahoo account appears to have also allowed the hacker to sign into the 55-year-old politician’s Flickr account. A screen grab of the Yahoo account’s inbox contains the greeting “Hi, Lisa” and includes e-mail updates from Flickr about her photo storage account. A screen grab from the Flickr account page indicates that the visitor was “Signed in as U.S. Senator Lisa Murkowski.”

Murkowski spokesperson Matthew Felling said that the Senator and her staffers were unaware that the two accounts had been compromised. Felling added that the Yahoo account was created five years ago to manage Murkowski’s Flickr account and that she “has never used this account for incoming/outgoing communication.”     

 • U.N. Under-Secretary-General Joseph Verner Reed. The 75-year-old diplomat, who also serves as a special adviser to Secretary-General Ban Ki-moon, had his AOL account breached by the hacker, who accessed Reed’s e-mail, as well as certain financial and travel records. Reed, pictured below, served as ambassador to Morocco during the Reagan administration and was the White House Chief of Protocol for George H.W. Bush.

Prior to those political appointments, Reed, who did not return TSG phone messages, worked for 20 years at Chase Manhattan Bank, where he served as David Rockefeller’s personal assistant. In an e-mail, the hacker wrote that he had gained access to the e-mail accounts of Happy Rockefeller, widow of former Vice President Nelson Rockefeller, and other Rockefeller family members.

 • David Greenberg, a veteran intelligence analyst working for Lockheed Martin, had his Yahoo account hacked late last year. Greenberg, who has a Top Secret security clearance, has been deployed to Iraq and Afghanistan, and has been attached to the Department of Defense’s Joint Improvised Explosive Device Defeat Organization. Among other sensitive matters, the hacker’s entry to Greenberg’s inbox allowed him access to a daily “threat update” issued by the Baghdad Embassy Security Force (BESF).

 • The AOL account of Rex Evitts, an employee of a military contractor working in Iraq, was hacked last year. Assigned to the BESF, Evitts was a project manager overseeing explosive detection dog teams. However, by the time the hacker broke into Evitts’s account, it had already been dormant for nearly a year (and had more than 6000 e-mails in its “New Mail” folder). Evitts, an Air Force veteran who did five tours in Vietnam, died of lung cancer in December 2011. He was 68.

 • Susan Malone, an Army supervisor stationed in Afghanistan, had her Yahoo account hacked. Malone, assigned to the U.S. Army’s Human Terrain System, a military intelligence support group, holds a Top Secret clearance. She previously worked in Baghdad as a senior adviser with the U.S. Embassy's Anti-Corruption Coordination Office. Once inside Malone’s e-mail account, the hacker browsed its contents and even re-sorted the mail to display only correspondence with attachments (like PDFs and spreadsheets). Malone’s account included memorandums, presentation files, and briefing documents. Screen grabs show that while the material was listed as unclassified, some documents carried the non-public “FOUO” (For Official Use Only) designation.

Malone, 65, is a former FBI agent who, in 1972, was one of the first two women to be sworn in as special agents. Malone, seen at right, did not respond to TSG e-mail and phone messages.

 • The Comcast e-mail accounts of two ex-FBI agents were hacked about two months ago. In an interview, one of the retired investigators surmised that the duo, who are married, may have fallen victim to a “spear phishing” attack. The ploy, a favorite with hackers and fraudsters, often involves the sending of an e-mail with a “weaponized” attachment that, if opened by the targeted recipient, can compromise the victim’s computer (or network) and result in the theft of passwords and other valuable information.

One of the former federal agents said that none of the information in the couple’s compromised e-mail accounts was classified. While unsure as to how they came to the hacker’s attention, the agent recalled having e-mail contact with Susan Malone in the months before the hack. “It was probably just a domino thing,” the victim concluded. (3 pages)