Indeed it was stupid for someone to send a large sensitive dataset over email. But what I find annoying is the lack of chatter about which email servers were compromised.
Was it Microsoft, considering probably 90+% of all gov agencies use it?
Indeed it was stupid for someone to send a large sensitive dataset over email. But what I find annoying is the lack of chatter about which email servers were compromised.
Was it Microsoft, considering probably 90+% of all gov agencies use it?
Ah, that differs from what I thought I heard on BBC. On BBC, they said the sender of the email accidentally attached the entire dataset, when they meant to only transmit a few records. BBC did not imply at all that the destination was also incorrect. So, I guess there are conflicting stories.
I realize that sloppy configs could be in play. But I would expect TLS to be in play in a majority of cases (in which case the compromise would be at the servers). We could probably say vast majority of traffic includes either MS or Google servers. Don’t they insist on TLS? Or is it some kind of lenient opportunistic config?
And if TLS was not in play, then I suppose an interesting question as well is what ISPs are involved in that route.