Slashdot Mirror


Gizmodo Went Phishing With the Trump Team -- Will They Catch a Charge? (arstechnica.com)

Earlier this month, technology publication Gizmodo published a report on how it "phished" members of the administration and campaign teams of President Donald Trump. The blog said it identified 15 prominent figures on Trump's team and sent e-mails to each posing as friends, family members, or associates containing a faked Google Docs link. But did the publication inadvertently break the law? Ars Technica reports: "This was a test of how public officials in an administration whose president has been highly critical of the security failures of the DNC stand up to the sort of techniques that hackers use to penetrate networks," said John Cook, executive editor of Gizmodo's Special Projects Desk, in an e-mail conversation with Ars. Gizmodo targeted some marquee names connected to the Trump administration, including Newt Gingrich, Peter Thiel, (now-ex) FBI director James Comey, FCC chairman Ajit Pai, White House press secretary Sean Spicer, presidential advisor Sebastian Gorka, and the administration's chief policymakers for cybersecurity. The test didn't appear to prove much. Gingrich and Comey responded to the e-mail questioning its provenance. And while about half of the targeted officials may have clicked the link -- eight devices' IP addresses were recorded accessing the linked test page -- none entered their login credentials. The test could not determine whose devices clicked on the link. What the test did manage to do is raise the eyebrows of security experts and some legal experts. That's because despite their efforts to make it "reasonably" apparent that this was a test, Gizmodo's phishing campaign may have violated several laws, ignoring many of the restrictions usually placed on similar tests by penetration-testing and security firms. At a minimum, Gizmodo danced along the edges of the Computer Fraud and Abuse Act (CFAA).

12 of 122 comments

  1. Re:This is the EXACT same thing that "hacked" Pode by sycodon · · Score: 3, Insightful

    I hope the Secret Service finds some law with which to hang these fuckers.

    How is this not different than putting a fake gun in your carry on to "test" security?

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  2. about that CFAA thing by Anonymous Coward · · Score: 0, Insightful

    At a minimum, Gizmodo danced along the edges of the Computer Fraud and Abuse Act (CFAA).

    They may have danced along the edges of the CFAA, but the NSA has repeatedly stabbed it until it stopped twitching and then danced gleefully on its decaying corpse. That seems to have been OK.

    Let's go after the big offenders first.

  3. Inadvertently? by aardvarkjoe · · Score: 4, Insightful

    But did the publication inadvertently break the law?

    Maybe they didn't think the consequences through, but I find it hard to believe that nobody involved realized that this sort of thing is illegal.

    --

    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
  4. Re:HERE COMES MSMASH by Anonymous Coward · · Score: 4, Insightful

    A story on how Gizmodo failed to phish the current administration with legally questionable methods == anti-Trump post???

    If anything, this story highlighted the fact that nobody in the Trump administration fully fell for the phishing and that they really may have learned from the failures of the Clinton campaign debacle. Methinks the bias may be yours...

  5. First Hulk Hogan's genitals, now Phishing Trump? by Glock9mm · · Score: 4, Insightful

    First they go after Hulk Hogan's genitals, now they're phishing Trump? Do they realize how stupid and illegal that is? The entire Gizmag/Gizmodo/Jezebel syndicate is a load of politically sponsored crap.

  6. Quit fooling yourself by onyxruby · · Score: 4, Insightful

    They didn't dance along the edge of legality. They danced over and never looked back. Legitimate pen test services are painfully aware of this and have the paperwork to prove it.

    Ars should have enough sense to check things out for the sake of their own credibility. If Ars Technica bothered to ask anybody who's ever worked in the security industry, they would have quickly learned that indemnification is taken very seriously.

    http://www.isaca.org/chapters3...
    https://pen-testing.sans.org/b...

    Hell, even Metasploit has been talking about this for years!
    https://dev.metasploit.com/pip...

    The only people fooled by Gizmodo's phishing logic were the editors who signed off on this to begin with. Next time ask a pro before you publish, it will help you avoid looking the fool.

  7. Re:What We Believe by Anonymous Coward · · Score: 1, Insightful

    Trolls like you are so obvious you do not deserve to be heard out.

    Trolls are quickly modded down, so most people will only see the troll's post because YOU RESPONDED TO IT.

    Do not feed the trolls. If you do, you are part of the problem.

  8. Didn't Prove Much? by 31415926535897 · · Score: 3, Insightful

    Makes it sound "inconclusive"--that's not a great way of putting it. The test was a success from the perspective of the administration and a failure on the part of Gizmodo. Gizmodo surely wanted to prove that Trump's administration is as inept as the DNC, and it's clear that nobody fell for it.

    I don't really care that Gizmodo did the test, though it seems like they were pretty dumb to go for it without checking on the legality first, but they should be punished in the court of public opinion for failing at a blatantly partisan attack.

  9. Re:This is the EXACT same thing that "hacked" Pode by Tulsa_Time · · Score: 4, Insightful

    Sure... call them names... pretend you are smarter than your opponents...

    Strong argument.

    --
    5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
  10. Re:This is the EXACT same thing that "hacked" Pode by Anonymous Coward · · Score: 0, Insightful

    I would vote for Trump for no other reason than to piss you off. I imagine a lot of people voted for Trump based on his most vocal enemies. There are a whole lot of people that can stomach Trump more than the preening mass of morons protesting out in the Berklystan region in California. Then there were the people who recognized it didn't matter who won the Presidency because they belong to a group that are not represented in any local, state, or federal level. This group is comprised of white, heterosexual, single, non-religious, educated, employed, and childless people who make just enough money to be disqualified for any lower income tax breaks and fall short of making enough money to take advantage of the tax breaks available to the rich. And if the folks in this group say anything they get branded as homophobes, racists, rednecks, uneducated, with misogynistic tendencies. The only thing this group ever sees is their taxes being raised to be spent on programs that do not have anything to do with helping them. This is the group that put Trump over the top in the electoral college voting. And to add insult to injury no one has even come close to acknowledging the impact this group had on the election outcome.

  11. This is what happens... by prisoner-of-enigma · · Score: 1, Insightful

    This is what happens when you let your SJW predilections override and interfere with doing journalism. The frothing desire to embarrass members of Trump's administration completely bypassed the normal "is this a good idea?" discussion that should have stopped this ill-conceived venture before it ever started. But it's also totally unsurprising. Gizmodo's not-very-slow descent into left-wing rant rag began a while back. It's clear they have no interest in attempting even the pretense of objectivity anymore. They should just name themselves "Salon" or "HuffPo" so those who like that kind of stuff instead of tech news can feel right at home.

    --
    In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
  12. Re:False Positives?? by prisoner-of-enigma · · Score: 3, Insightful

    Sorry to be a kill joy, but this phishing test proved absolutely nothing.

    Now now...don't be cruel to the children. They wanted to have their little tantrum/party and if you tell them it was a complete failure they'll just cry, scream, call you racist/sexist/homophobic/xenophobic, demand a safe space, and petition to have you fired so they can prove they're more tolerant than you.

    --
    In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky