Why wouldn’t the reports tell us whom the target of this political phishing scheme was?
The U.S. Attorney’s Office of the District of Massachusetts put out a curious press release, yesterday, reporting the arrest of a 21-year-old woman from Cranston:
Diana Lebeau, 21, of Cranston, R.I., was charged in an Information with attempted unauthorized access to a protected computer. Lebeau will make an initial appearance in federal court in Boston on a later date.
According to the charging document, in or about January 2020, Lebeau sent phishing emails to approximately 22 members of the campaign staff of a candidate for political office. The emails, which purported to be from either the campaign’s managers or one of the campaign’s co-chairs, directed the recipients to put their account credentials into an attached spreadsheet, or to click a link that connected them to a Google Form that solicited the same credentials. Lebeau also allegedly sent several phishing emails to the candidate’s spouse and to others at the spouse’s workplace. The emails, which purported to be either from Microsoft’s “Security Team” or from an employee of the workplace’s technology helpdesk, requested that recipients provide account credentials or other information about their computers by adding it to attached spreadsheets or on a website that mimicked the appearance of the employer’s legitimate website.
Two things make the release curious. First, it says that according to “the charging document, Lebeau did not act with financial or political motive or to benefit any foreign government, instrumentality, or agent.” So what was she doing it for?
Second, the candidates, or even the parties, of the targeted politicians are not mentioned. Why is that? According to voting records, Lebeau is registered unaffiliated.
In any event, it appears we at least have an answer to the mystery of why the FBI raided a Cranston home for a federal investigation last April, as shown in the ABC6 footage used for the featured image to this post.