Mike Pence used personal AOL account for government business as Indiana governor

Surprise! It was hacked!

Mike Pence used personal AOL account for government business as Indiana governor

While serving as Governor of Indiana, Mike Pence routinely used his personal AOL email account to conduct government business.

Yes, AOL...

On 2 March, Indiana's current governor Eric Holcomb released to IndyStar 29 pages of emails that passed through Pence's AOL account.

Those messages reveal that Pence used his personal email account to execute his duties as governor. Over one chain of messages, for instance, Donald Trump's right-hand man communicated with several members of his staff involving his efforts to prevent Indiana's resettlement of Syrian refugees. In another thread, he discussed a shooting at Canada's national parliament building.

That's what we know. But that's not all we know.

Holcomb withheld an undisclosed number of emails. Why? According to IndyStar, he felt they were "deliberative or advisory, confidential under rules adopted by the Indiana Supreme Court or the work product of an attorney."

So why does this matter?

On a personal level, it's hypocritical. Pence spent much of his time on the campaign trail criticizing Hillary Clinton, who set up a private email server in her home while serving as Secretary of State under President Barack Obama. He felt she had unnecessarily jeopardized the United States' national security.

As he said on NBC's "Meet the Press" in September 2016:

"What’s evident from all of the revelations over the last several weeks is that Hillary Clinton operated in such a way to keep her emails, and particularly her interactions while Secretary of State with the Clinton Foundation, out of the public reach, out of public accountability. And with regard to classified information she either knew or should have known that she was placing classified information in a way that exposed it to being hacked and being made available in the public domain even to enemies of this country."

All the while, Pence knew he had used his own personal email during his tenure as Indiana's Governor. Did he have access to classified information on a national scale? No. But that doesn't mean he didn't receive emails containing otherwise sensitive information.

Which brings me to my second point: Pence's use of a personal email account constituted a security risk. Government email accounts are oftentimes protected by additional layers of security and monitoring. Pence chose to forego those security measures and went with his AOL account, leaving himself open to attack.

In fact, opportunistic hackers seized control of Pence's account in 2016. They then abused that access to send out an email claiming Pence and his wife were stranded in the Philippines and were in desperate need of funds.

Mike pence scam email

Here's what that scam email said:

Good Morning,

Hoping this email reaches you well, we sorry for this emergency and for not informing you about our trip to Phillippines but we just have to let you know our present predicament. Everything was fine until we are attacked on our way back to the hotel, we are not hurt but we lose our money, bank cards, mobile phone and our bag in the course of this attack. we immediately contacted our bank in order to block our cards and also made a report at the nearest police station. We have been to the embassy and they are helping us with my documentation so we can fly out but I'm urgently in need of some money to pay for our hotel bills and my flight ticket home, will definitely REFUND as soon as back home.

Kindly let us know if you would be able to help us out so we can forward you the details required for wire transfer.

Waiting to hear back from you...

Thanks

Mike & Karen

Let's also not forget Pence's personal email account amounts to a failure of transparency. Indiana law requires emails pertaining to state business to be retained. As such, Pence should have been forwarding these emails to his state email account while in office. There's no indication that he did so, however, until he was about to leave office in 2016.

The moral of the story is this: regardless of what side of the aisle we're talking about, there are people on both sides who make stupid decisions by using a personal email account to conduct government business. If you're an elected official, you should use your government-appointed account so that it can be monitored, archived, and secured.

End of story.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

One Response

  1. Santeria

    March 6, 2017 at 6:48 pm #

    Candidate Rick Scott used a private account in Campaigns just before he became governor of FL. Account was deleted when he won. Which was , as I understand it, in contravention of the campaign laws. I was in Florida at the time of the Campaign.
    http://articles.orlandosentinel.com/2011-09-24/news/os-deleted-scott-emails-20110923_1_emails-transition-team-fdle
    The claim locally was that the delete was not accidental. The same "Accident" happened with email Dick Cheney was associated with Federally

Leave a Reply