【adventures in auto-eroticism': economies of traveling masculinity in on the road】

So you've created a strong password,adventures in auto-eroticism': economies of traveling masculinity in on the road kept an eye out for sketchy links, and enabled two-factor authentication — what could possibly go wrong?

Well, it turns out the answer is "you."

SEE ALSO: Here's what we know about alleged NSA leaker Reality Leigh Winner

As the leaked NSA report on Russian efforts to hack the computers of U.S. election officials before the 2016 presidential election demonstrates, we are all often our own biggest security weakness. The document, published by The Intercept, shows that hackers found a way around the protections offered by two-factor authentication that is striking in its simplicity: They asked the targets for their verification codes.

"If the victim had previously enabled two-factor authentication (2FA)," explains a slide detailing the Russian attack, "the actor-controlled website would further prompt the victim to provide their phone number and their legitimate Google verification code that was sent to their phone."

To translate, after tricking victims into entering their email and password into a fake Google site, the hackers found that some victims had 2FA set up on their accounts. This meant that even with the password, hackers were unable to gain access to the Gmail accounts in question — that is, unless they could get the verification codes as well.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

So, again, they just straight up asked for them.

Original image has been replaced. Credit: Mashable

"Once the victim supplied this information to the actor-controlled website, it would be relayed to a legitimate Google service, but only after [redacted] actors had successfully obtained the victim's password (and if two-factor, phone number and Google verification code) associated with that specific email account."

Basically, the hackers were able to bypass the email security measures by requesting that the victims give them the keys to the digital castle.

Once access was gained to the accounts, which reportedly belonged to an electronic-voting vendor, the hackers would then email election officials from the hacked accounts and attempt to trick those same officials into opening script-laden Word docs that would compromise their computers.

It's an elaborate bit of spear phishing, and it reminds us that no matter what digital security practices we put in place, we can all still slip up.

In the face of everyday online threats, the best defense (other than setting up 2FA — which you should definitely still do) might be the simplest: exercise caution with every email you receive, and be paranoid as hell.

In the face of skilled Russian hackers? Well, that one's trickier, but maybe start with not handing over your email password, phone number, and 2FA verification code.

---

Featured Video For You

---

Researchers are using sound to levitate objects, and it's changing the medical industry

---

Topics Cybersecurity Elections

• Tech
• Deals
• Digital Culture
• Games
• Entertainment
• Science
• Life
• Social Good

• SpaceX will try to achieve 2 impressive feats on Monday
• Elon Musk might be the only person who still loves Twitter
• My crush on Kylo Ren in 'Star Wars: The Last Jedi' has me rooting for the dark side
• 'Letterkenny' is the wholesome, filthy, endlessly quotable hangout comedy of your dreams
• Here's how I feel about all this Stephen Hawking 'news' going around
• Two koalas fight it out on the road, because they're not all cute
• TikTok deleted over 7 million accounts supposedly belonging to minors
• Tesla Model S Plaid blasts off in reviews, even without a gear shifter
• Celtic vs. Bayern Munich 2025 livestream: Watch Champions League for free
• Here's how to change the watch face on your Apple Watch

• NYT Connections hints and answers for June 11: Tips to solve 'Connections' #731.
• Using FreeSync with Nvidia GPUs Examined
• Wordle today: The answer and hints for June 10, 2025
• NYT mini crossword answers for June 10, 2025
• 11 Myths About Buying a New 4K TV
• Lego free Planet: How to get free Lego for World Play Day
• Far Cry 5 Benchmarked: 50 GPUs Tested
• Best Beats deal: Save $70 on the Beats Studio Buds + at Amazon
• Best Echo deal: Save $25 on Amazon Echo Show 5
• Revisiting the GeForce GTX 680: GTX 1050 Ti

• Watch Chappell Roan's Grammy acceptance speech demanding healthcare for artists
• 25 ethereal astronomy photos that literally light up the skies
• Elon Musk might be the only person who still loves Twitter
• 'Lovecraft Country' showrunner takes a swipe at HBO after the show's cancellation
• AC Milan vs. Feyenoord 2025 livestream: Watch Champions League for free
• Netflix kicks off R.L. Stine's 'Fear Street' saga with a splash
• Scientists fight back against Trump administration's CDC 'word ban'
• A weird bug can mess up your iPhone's WiFi, but there's a fix
• Cyrix: Gone But Not Forgotten
• 25 ethereal astronomy photos that literally light up the skies

• Man City vs. Real Madrid 2025 livestream: Watch Champions League for free
• Bill Gates's Reddit Secret Santa gifts are truly next
• Sony's Xperia 1 III is now available for pre
• How to change Alexa’s voice
• Even Trump's Earth Day message was anti
• You're using your air fryer all wrong
• Nothing reveals price for its noise
• Madame Tussauds trolls Disney over its horrific Trump robot
• NYT Connections hints and answers for February 1: Tips to solve 'Connections' #601.
• How to reset your Apple Watch