80,000 Hours career review: Information security in high-impact areas

Abstract

This is a cross-post of a career review from the 80,000 Hours website written by Jarrah Bloomfield. See the original here. As the 2016 US presidential campaign was entering a fractious round of primaries, Hillary Clinton’s campaign chair, John Podesta, opened a disturbing email.[1] The March 19 message warned that his Gmail password had been compromised and that he urgently needed to change it. The email was a lie. It wasn’t trying to help him protect his account - it was a phishing attack trying to gain illicit access. Podesta was suspicious, but the campaign’s IT team erroneously wrote the email was “legitimate” and told him to change his password. The IT team provided a safe link for Podesta to use, but it seems he or one of his staffers instead clicked the link in the forged email. That link was used by Russian intelligence hackers known as “Fancy Bear,” and they used their access to leak private campaign emails for public consumption in the final weeks of the 2016 race, embarrassing the Clinton team.