3 min read

Hillary Clinton targeted in malware attack? Don't speed too fast to that conclusion


October 01, 2015

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Hillary Clinton targeted in malware attack? Don't speed too fast to that conclusion

If you believe some of the headlines being bandied about in the last 24 hours, a group of Russian hackers targeted Hillary Clinton’s controversial personal email server while she served as US secretary of state.

But I’m not sure that’s quite true.

Yes, it does appear that Clinton received a series of emails in the early hours of 3 August 2011, posing as speeding tickets from New York. And attached to those emails was malware capable of infecting Windows computers and stealing information.

But that doesn’t mean that Mrs Clinton was specifically targeted, or that we should jump to the assumption the attack was orchestrated by Russian intelligence services.

Because the truth is that online criminals were spamming out malware, using that precise disguise, to all-and-sundry on the internet at the time.

Indeed, back in July and August 2011 I took screenshots of malware campaigns that I saw being widely distributed via email.


Malware attacks like this rely upon the recipient not engaging their common sense. After all, the police don’t email you when your car is caught speeding – they’re more likely to write to you through the post. Thinking logically, how likely would it be that the police would link an email address to a car license plate?

But not everyone does think logically when they receive an email like this. Many people are so furious at the thought of receiving a speeding ticket – particularly if they weren’t driving in New York on a particular date – that they click on a boobytrapped attachment without thinking.

And in the blink of an eye a Trojan horse has tricked its way onto another victim’s computer.

Clinton campaign spokesman Nick Merrill attempted to pour cold water on the seriousness of the incident by issuing a statement to the press:

“We have no evidence to suggest she replied to this email or that she opened the attachment. As we have said before, there is no evidence that the system was ever breached. All these emails show is that, like millions of other Americans, she received spam.”

And you know what – that sounds right to me. If Hillary Clinton was “targeted” then so were millions of other computer users at the same time.

No, she wasn’t targeted. It was just that her email address was one of many many others that happened to be in the spammers’ list. I think it’s highly unlikely that the attackers were even aware that they were sending malware to one of the world’s most powerful women.

Hopefully Hillary Clinton did have some anti-virus solution protecting her inbox, and/or the wits about her enough to not be duped into opening an unsolicited email attachment that could have infected her computer.

The truth is, of course, that we can all make mistakes – and can make poor decisions which can put our computer systems at risk. We just hope that those who are hoping to become the next President of the United States make less mistakes than the average Joe in the street, and have teams of advisors to help them handle the tricky decisions, or indeed the minutiae of chucking emailed speeding tickets in the bin.

Security software acts as a safety net, there to protect us when we act in a risky fashion, hopefully providing an additional layer of protection which goes beyond common sense.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like