Deconstructing the Bush family email hack

Deconstructing the Bush family email hack

Summary: Last week, a hacker released information about the Bush family, a family containing two former U.S. presidents. In this article, our own David Gewirtz takes us behind the scenes of the investigation.


On Thursday, The Smoking Gun ran an article describing the apparent hacking of email accounts belonging to the Bush family and family friends. Unlike other analysts, I’m not going to look at the contents of the messages disclosed. Instead, I’m going to spend a few minutes deconstructing the hack itself.

What got hacked?

According to the original article, six individual email accounts were compromised, although the Web site only enumerates five individuals. That point is, in and of itself, curious. The pattern of who was compromised is quite interesting as well, depending on whether you describe the individual as related to the first President Bush (George H.W.) or his son (George W.):

Individual Relationship to Bush 41 Relationship to Bush 43 Notes
Dorothy Bush Koch Daughter Sister Her AOL account was apparently compromised
Scott Pierce Barbara Bush's brother Uncle Mr. Pierce wasn’t named, but he’s Mrs. Bush’s only surviving brother.
Unspecified Sister-in-Law Sister-in-law Aunt President Bush 41 has a number of siblings. Between Mrs. Bush’s siblings' surviving spouses and his, we can’t immediately guess who this person might be.
Williard Heminway "Old friend" Friend of his father 79, of Greenwich, CT
Jim Nantz "Longtime Bush family friend" Family friend CBS sportscaster
Unspecified Unknown Unknown The sixth individual wasn’t specified either by name or description. There’s not enough information to speculate on identity

The reason for the above chart is to help us see if there are any patterns. The original article from The Smoking Gun is (probably purposely) obtuse, but it seems to indicate that six accounts were compromised. Another possibility is that one account was compromised, but had a large collection of correspondence from the other accounts.

In any case, because the information released was – in the main – about Poppy Bush and correspondence related to his condition, and since the cluster of compromise is considerably closer to the elder President, if I were heading an investigation team, I’d start with those in 41’s circle of associates and see where there might be clues.

How did the hacker do it?

There are two key ways a hacker gains access to a public-cloud email account. The first is by figuring out the user name and the password. The second is by some form of meat-space interaction.

Let’s look at that second option first. At least three of the victims are in their 70s or older. The odds of them all having good password discipline is minimal. In fact, it’s entirely possible that at least one of them wrote their password down and left it out in the open. I’ve seen people who use physical yellow sticky notes and paste their account names and passwords on their monitors.

In the case of the victims, there is the possibility that this sort of error was made, and that someone in their circle, possibly a service provider, found the written password and account information and made use of it. It’s also possible that one of these service providers were actually given the login information, and asked to retrieve messages, and type back replies to correspondents.

In other words, the butler could have done it.

On the other hand, as with the Sarah Palin email hack, the hacker may have guessed the password for the account, either because of poor password hygiene on the part of a victim, or because of the availability of substantial publicly-retrievable information on the victims.

Why did the hacker do it?

While there’s always the possibility of a brilliant hacker who managed to tunnel in through miles and miles of secure defenses, I find that increasingly unlikely.

This wasn’t a strategically motivated hack. We have a long experience with hackers who penetrate a network or an email account and keep that information to themselves. Their purpose is espionage, the gathering of information – and they don’t want to let anyone know they’re there.

If this were a strategically motivated hack by another nation state or even a rival political player, we wouldn’t be reading about it now, and we certainly wouldn’t be reading about it because the hacker released his “take” for publication.

No, the hacker wanted bragging rights. This may be someone who has a personal grudge against the Bush family, as indicated by the statement in The Smoking Gun, “i have an old game with the [expletive deleted] bastards inside, this is just another chapter in the game.”

Of course, it's possible that the hacker is simply an individual who dislikes the Bushes and imagines a personal relationship of some kind with them, or who was simply showing off the fact that he or she was able to gain access.

How will this hack be investigated?

If I were leading this investigation, I’d look initially for someone who had regular, if intermittent contact with the Bushes, in a service-provider role. Although some of the information released was somewhat politically embarrassing (a statement made by Jeb about President Clinton, for example), most of the information and the photographs were deeply personal.

Releasing that sort of information would more likely to be done by someone with a personal grudge (and probably some level of access). The Bush family is a proud family, and releasing personal information about Poppy’s illness and how family and friends might deal with their grief should he succumb smacks far more of a personal grudge than a political one.

As for how this hack will be investigated, here’s a pretty simple answer: with the full might and power of the United States government. Personal and private details about the health and communications of two former Presidents, two former First Ladies, and a former governor were compromised.

Nothing – nothing – will stop the Secret Service and FBI from tracking this one down.

Will the hacker be caught?

I’ve been asked this question a lot in the past few days. In fact, I did an interview with NY Daily News, where I was asked that question: “Cybersecurity author David Gewirtz placed the odds of an arrest at 100%”

On the other hand, Daily News asked Eddie Schwartz, of cybersecurity firm RSA the same question. His answer: “Some hackers are very good at covering their tracks.”

I’m sure Mr. Schwartz is good at his job, but in this case, he’s wrong. The hacker has done very little to cover his tracks and – instead – seems more interested in showing off than in maintaining operational security.

This hacker will be caught. Of that, there’s no doubt.

By the way, if you want to know more about Bush administration email, you can read many more articles on the topic and my book (a free download) by clicking here.

Topics: Security, Government, Privacy


David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Makes sense to me

    And as I've no doubt that the current President expects to live long enough to be a former President (who would want his own privacy protected), I'm sure there will be absolutely no interference from the White House.

    Someone will be arrested and will be made an example of; my only fear would be that it might not be the perpetrator.
    John L. Ries
  • A case of irresponsible stereotyping

    By trying to tie the probable simplicity of password handling with age you have shown, once again, that ZDNET has an editorial value system on par with 2600 but without the curiousity factor that makes me buy their magazine whenever I'm at a bookstore that carries it.

    My experience with people that age is that while response time does slow down, at what point it interferes with life depends on the person.

    Have you never seen a 30 year old that looks and acts like the stereotypical 90 or vice versa?

    Do you think passwords are not misused by young users or that only 70 year olds use passwords like "password" or stick-it notes?

    I haven't seen the numbers, but I assume the use of password safes increase to compensate for the occasional loss by those who already decided to use passwords well. Passwords, encryption, and mishandling secrets have been around for centuries, read Simon Singh's "The Code Book". It would have been better if you would suggest a plausible alternative instead of making false associations. It is not 70 year olds that are claiming it should be a crime to have a secret to keep like a password or credit card number.

    I could say more about the age gap, but I refuse to take advantage of people's youth and lack of experience.
    Dave Keays
    • Stereotypes are often true

      The thing is that while generalizations might be true for the group, there will inevitably be individuals within the group for whom the generalization isn't true. In the case of computers, there are lots of very technically savvy old folks, but nearly all of them are retired techies. Most people that are 70 or older lived the vast majority of their lives without computers and many have never really been comfortable with them.
      John L. Ries
  • report the real facts, not just your opinions

    David Gewirtz, i think your an idiot who believes anything they are told. how is the fbi going to find this individual when they cant find the people responsible for hacking the fbi. gov site and other .gov sites. Cloud storage, wether public or private is still BAD. if you want your information to remain private, dont use a computer. i dont think this "hack" is a security flaw left by granny..... i think its the government covering up, yet another hack by a bigger group. the fbi has been out of the reach, and pissed off that they cant find these hackers responsible. the group Anonymous is out for blood since Aaron Swartz, hacker and information activist and Reddit cofounder, has committed suicide at age 26 while under custody of the fbi for alleged hacks. read up on it, you might learn something about hackers....Hackers will hold onto information, only if its not useful to them at that moment. but if it helps the movement, it will be released to the public. the group anonymous has already sent letters to specific government employees, asking for specific information, and details on the Aaron Swartz case by a certain date, and if not received, then more of these hacks/information already obtained, will be released to the general public.

    "While there’s always the possibility of a brilliant hacker who managed to tunnel in through miles and miles of secure defenses, I find that increasingly unlikely." that quote is the dumbest thing i have ever heard coming from someone who supposedly keeps up with public hacks. how did you come up with the word increasingly? according to the details in the report, the fbi dont know whats goin on, so how can we rule out that it wasnt a legit experienced hacker, that decided to release the info at a stragegic time. you say that hackers dont publicize major hacks? how about the 10k passwords and logins to porn sites of government paid employees a few months back? did yall forget about that? or how about the personal hacks against the head of security for the pentagon, abdul something or other was his name. he was attacked for leaking information to the hackers via irc chatrooms. thus the LULZ BOAT became public and vengeful..... how about the call center directing all calls to the whitehouse and shutting down the phones with thousands of calls per minute. how about the servers that were used for keeping security holes open on millions of machines, that the fbi supposedly fixed...but not really. how about ussc. gov being turned into a game of asteroids and locking the government out of their own servers. THE FBI IS PISSED THEY CANT FIND THESE GUYS, AND ARE TRYIN TO MAKE THEMSELVES LOOK GOOD IN LIGHT OF THE SITUATION.

    Prove me wrong, and i will eat my words
    • This looked like an opinion piece to me

      He has the privilege of stating his opinion and you have the privilege of stating what you think is wrong with it and why.
      John L. Ries
  • A minor point ...

    ... but irritating.
    Please don't use "were" instead of the grammatically correct "was".
  • Done by someone with a grudge?

    Around 200,000,000 people?

    Is there a TMZ for politics?
    Rob Berman
  • Damn.....

    Didn't even know the Bush family knew what Email was!