Should Jack Straw use Hotmail for gov business?
By Asavin Wattanajantra,
UK Justice Secretary Jack Straw has been criticised by a security vendor for using a Hotmail account for government business - an account that was subsequently hacked by Nigerian scammers.
Reports said that the fraudsters sent out hundreds of emails carrying the heading ‘The Right Hon Jack Straw MP’ to constituents, government chiefs and council bosses among others.
Mr Straw's adviser could not be reached for comment at the time of publication, but according to the Telegraph, Mr Straw said there were no security issues as the email address of his Blackburn constituency, rather than his ministerial account, was targeted.
However, Rik Ferguson, solutions architect at Trend Micro, said that he found it shocking that Mr Straw was using a Hotmail account to conduct government business.
He said: “If you go to the Jack Straw website, you’ll see that is what’s listed as his contact email address.
Ferguson outlined why he thought using Hotmail would be a problem: “Number one is that it is out of the control of any of the government IT systems.
“Any of the data within that Hotmail account is not backed up or controlled. And it won’t be accessible via the Freedom of Information Act I would imagine, because it’s not part of government systems.”
Ferguson also said that if Mr Straw was using it for constituency or possible parliamentary business, especially for someone responsible for setting up the hi-tech crime unit, he should have taken the responsibility in using encrypted email.
He said that encrypted mail technology was now available from more than one vendor, but that its full potential wasn't being realised.
Ferguson mentioned laws in the US that prevented politicians from using non-sanctioned email systems to carry out official business. A Federal investigation took place during the US elections when Sarah Palin’s Yahoo account was hacked.
He said: “The law says that if the data isn’t backed up then it can’t be made available by request, then you shouldn’t be using it for government business.”
Microsoft did not reply directly to IT PRO's request for comment on the issue of Hotmail use, but did state that it does not recommend sharing personal account information with third-party websites and that customers who choose to share their account information risk putting their private information into the wrong hands.
Microsoft went on to recommend that, for their own safety and security, users keep their account passwords secret and change them regularly.
You may also like...
You may also like...
advertisement
Latest Security Features
The trials and tribulations of social networking
As a business, you may be examining how to take advantage of social networking sites. Before you leap into the fray, take heed of the mistakes others have made before you.
- NO2ID on fighting the database state
- Building a better password
- Q&A: George Kurtz, CTO, McAfee
- Is mobile malware really a risk?
- Fear and loathing in the Mariposa aftermath
- Public vs private: Which cloud is best for business?
- Q&A: Gerhard Eschelbeck, chief technology officer at Webroot
- How the Digital Economy Act will affect your business
- Cyber war: Modern warfare 2.0
Latest Security Reviews
Kaspersky Internet Security 2011 review
Rating: 
- G Data Software EndpointProtection Business review
- eSoft InstaGate 806 review
- M86 Security Secure Web Gateway 5000 review
- Google Maps Navigation review
- Netgear ProSecure UTM10 review
- ZoneAlarm DataLock review
- SmoothWall Guardian SWG-1208 review
- Symantec Backup Exec 2010 review
- WatchGuard XCS-770 review
advertisement
Most popular
- Government calls mobile broadband spectrum auction
- Sony Ericsson Xperia X10 Mini Pro review
- UK web guru handed key to the internet?
- Samsung Galaxy S review
- 100 million Facebook user info scraped
- HTC Hero to finally get Android 2.1 update
- Top 10 remote desktop applications
- Amazon sets UK Kindle launch date
- Head to Head: Office 2010 vs Open Office 3.1
- Top 10 future trends for mobile phones
Latest News Videos in Security
Video: Why security is everybody's responsibility
PlayRik Ferguson, senior security advisor at Trend Micro says it's up to all of us to make security work.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Not hacked at all - phished
According to the BBC report on this, Jack Straws account was NOT hacked. It appears that a phishing email was sent to his address at Hotmail, which a secretary fell for and thereby gave away login details. "The scam came to light on Thursday when Mr Straw's office received an e-mail saying its account would be suspended unless a reply was sent. But when a member of staff replied, they were blocked out of the account. Constituents then began to phone Mr Straw's constituency office asking about the e-mail they had received. " So let's try to keep the story straight, instead of garnering page hits by generating FUD.
By Ip_muckypups706b on Wednesday Feb 25
Hacked?
That makes no sense. She gave away login details so the scammers got access to the account. This is still hacking - be it with a social engineering scam. The word hacking doesn't have to be a technical term. And anyway, the point of the story was him using Hotmail, not the whys and wherefores of his account being accessed.
By Gz_ashd5ea7475f2 on Friday Feb 27
http://www.rayahari.com
<a href="http://www.rayahari.com/">hack into facebook account</a> Yeah eventually I got the aol password after 10 bloody days. I was told by some from their staff ? <a href="http://www.rayahari.com/hack-Facebook-passwords.php">http://www.rayahari.com/hack-Facebook-passwords.php</a> that they will URL anywhere from 1 to 3 days but it took them 5. customer service wes very friendly but I got 4 replies out of 5 emails I sent to them. At end of the day I am very happy and will use their <a href="http://www.rayahari.com/how-to-hack-facebook-passwords.php">facebook hacking password</a> service again. Thanks for being very professional and fast.<br><br> BTW, I found another website that can <a href="http://www.milanorosa.com/how-to-hack-into-yahoo-hack-someones-yahoo.php">hack yahoo passwords</a> and other one specialized in <a href="http://www.activehackers.com/how-to-hack-into-hotmail-accounts-password-for-100.php">hack into hotmail passwords</a>.<br><br> Diane Calhoun, Lincoln<br><br> England
By Ip_VkbjDjBTdizo3 on Monday Mar 2