Former US secretary of state was hacked, despite two-factor authentication

Email is an unsecure platform that’s impossible to properly protect currently, former US secretary of state Colin Powell has claimed.

The US army general, who served under four presidents, including as secretary of state under the George W Bush administration, used his keynote speech at Citrix Synergy 21017 to admit to having had his emails hacked twice.

“I’ve been hacked twice and both times … I’ve had double factor authentication, I’ve had all kinds of barriers in the way and they still got in – and the forensics guys can’t find out why,” he told delegates. “So I had to change my lifestyle and go to fax machines, go to texts that are encrypted and use email strictly for housekeeping things.

“They keep giving me new things to do with my emails to protect it, but I no longer have confidence in being able to protect it.” Powell didn’t say when these hacks occurred nor how successful they were.

Indeed, fax has been the communication method of choice for Powell throughout his career, as he feels it’s more secure.

As chairman of the joint chiefs of staff in 1991, he was responsible for the initiation and oversight of Operation Desert Storm. Speaking about when he gave the order to commence the conflict, he said: “We had one of the most perfectly secure means of doing it. Not something you might think of now, but it was the fax machine.

“I had a fax machine in my office, my executive assistant ran it, [my counterpart in the Gulf] had a fax machine in his office and his executive assistant ran it. And by using that secure, covered fax machine I knew that the order only went from one person to one person. It wasn’t a cable that could spread around all over the organisation.”

Powell also spoke of the importance of being reasonable and rational when it comes to organisations deciding what information should be kept secret and what should be treated more openly – lest it prevent people from doing their jobs.

“One of the challenges we’re all facing now [that] I faced when I became secretary of state, is how to make sure you have … [a] system that is getting [information] to where it has to be when it’s needed in order to be actionable,” Powell said.

He said it’s important to “triage” information – treating as secret only the things that need to be secret.

“[You have to] make sure you’re not cluttering the whole system by over-classifying things and by making sure that you have a system that will make that differentiation,” he said.