That hackers got into Patel’s Gmail account suggests one of two possibilities: his device or devices were hacked, or his password was phished and he doesn’t use good 2FA.
@SteveBellovin Or he reused his password from somewhere else that got popped.

@SteveBellovin

patel using bad or multiply used password and bad/no 2FA are totally plausible for our cosplay LEO head of FBI...

he is exactly the kind of "executive" that used to make early BYOD such a total security nightmare for most of us.

@SteveBellovin

I know it's not likely, but I really wanted it to be a malicious openclaw agent

@SteveBellovin

If there's any justice, we'll find out he downloaded "FBI Agent" from openclaw.

@SteveBellovin or that Gmail never really logs you out.
@SteveBellovin Or he put his password on his web page in case he forgot it (and 2FA).

@SteveBellovin

I'm totally on board with the incompetence-hypothesis here, but there is one more possibility:

State level actors have "assets" embedded in major tech-companies like Google, Apple, Intel, Microsoft.

If you want to argue otherwise, give me a minute to make popcorn first :-)

@bsdphk @SteveBellovin Granularity: Not that long since Gmail went mandatory 2FA. Processes for account recovery, forgot password & 2FA login can be excellent attack vectors, simswap makes it even more so. Even Patel is human, and humans reuse pwds across multiple services, so a compromise somewhere else may provide direct access, or increase probability of pwd spraying / credential stuffing to work.
Why should Patel be considered better than most at protecting personal accounts?
@thorsheim @bsdphk Because he should have been, and probably was, briefed by the FBI’s excellent cybersecurity people on what to do.
@SteveBellovin or stealer malware that makes 2FA worth jack shit.
@SteveBellovin surely that guy has way more ways to fail at this than merely two