Politicians are an interesting class of people when discussed in the context of social engineering. The public nature of their career not only requires them to use social engineering on a daily basis but also opens them up to becoming targets of social engineering.
How Politicians Use Social Engineering
Many of the tasks politicians perform naturally lend themselves to social engineering. It would seem that, in the United States at least, a person who is an expert in social engineering techniques would have a better chance of becoming a successful politician than someone who is not. In fact, during a politician’s career, he or she will apply many of the basic social engineering principles.
The principles of reciprocation, obligations, concessions, authority, consensus, commitment and consistency, and liking are the very essence of what a politician must strive for in order to be elected in the first place. This is what gets most politicians their jobs at first, and what sometimes leads to their demise as well.
How Social Engineers Use Politicians
Just like any other celebrity, the life of a politician is open to the public. This vast amount of public knowledge makes them targets for a malicious social engineer. The potential to harm a politician’s public image is enough for them to be very wary of who they trust.
During the 2016 United States Presidential Elections, Mike Pence was the victim of a malicious social engineering attack. As reported in the IndyStar on June 1, 2016, a scammer hacked into Mr. Pence’s personal email account. The scammer, now posing as the Pences, said they were victims of an attack. Although they were not hurt, the email said that attackers stole their money, bank cards and mobile phones. Impostor scams, such as this one, were the third most-common complaint reported last year to the Federal Trade Commission.
As reported by SecureWorks in March 2016, CTU researchers identified a phishing campaign using Bitly accounts to shorten malicious URLs. The targets included email accounts linked to the November 2016 United States presidential election. Specific targets included staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee (DNC). The shortened links in the phishing emails redirected victims to a URL that spoofed a legitimate Google domain. High-profile victims of this phishing campaign were John Podesta and Colin Powell.
As reported on Motherboard, on March 19, 2016, Hillary Clinton’s campaign chairman, John Podesta, received an alarming email that appeared to come from Google, informing him that someone had used his password to try to access his Google account. The phishing email included a link to a spoofed Google webpage telling him to change his password because his current password had been stolen. Mr. Podesta clicked the link and changed his password, or so he thought. Instead, he gave his Google password to Fancy Bear, and the rest, as they say, is history.
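The two reports above both turn on a shortened link that lands on a host imitating a Google domain. The following is an added example, not taken from the cited reports: a defender-side check that classifies the landing URL a mail gateway has already resolved for each shortened link. The trusted-domain list, brand tokens, function names and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"google.com"}    # assumption: the genuine sign-in domain(s)
BRAND_TOKENS = ("google", "gmail")  # assumption: brand strings to watch for

def classify(final_url):
    """Classify the landing URL that a shortened link resolved to."""
    try:
        parts = urlsplit(final_url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    # Match on a label boundary: "notgoogle.com" and "google.com.example"
    # must not pass as google.com, which a substring test would allow.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Check the whole authority so a "google.com@other-host" userinfo
    # prefix is flagged even though the real host lacks the brand name.
    if any(tok in parts.netloc.lower() for tok in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"

def review(records):
    """Return the (short_url, final_url) pairs whose landing host imitates the brand."""
    return [(s, f) for s, f in records if classify(f) == "lookalike"]

# Constructed sample: (shortened link, landing URL recorded by the gateway).
SAMPLE = [
    ("https://short.example/a1", "https://accounts.google.com/signin"),
    ("https://short.example/a2", "http://accounts-google.com.example/ServiceLogin"),
    ("https://short.example/a3", "http://myaccount.google.com-security.example/"),
    ("https://short.example/a4", "https://accounts.google.com@login.example/"),
    ("https://short.example/a5", "https://notgoogle.com/reset"),
    ("https://short.example/a6", "https://www.example.org/agenda.pdf"),
]

if __name__ == "__main__":
    for short, final in review(SAMPLE):
        print(f"quarantine: {short} -> {final}")
```

The check works on the resolved destination, so it assumes the gateway follows the shortener's redirect before delivery; the shortened link by itself reveals nothing about where it lands.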