A Typo Led To Podesta's Email Hack, Says Report (thehill.com)
tomhath quotes a report from The Hill: Last March, Podesta received an email purportedly from Google saying hackers had tried to infiltrate his Gmail account. When an aide emailed the campaign's IT staff to ask if the notice was real, Clinton campaign aide Charles Delavan replied that it was "a legitimate email" and that Podesta should "change his password immediately." Instead of telling the aide that the email was a threat and that a good response would be to change his password directly through Google's website, he had inadvertently told the aide to click on the fraudulent email and give the attackers access to the account. Delavan told The New York Times he had intended to type "illegitimate," a typo he still has not forgiven himself for making. The email was a phishing scam that ultimately revealed Podesta's password to hackers. Soon after, WikiLeaks began releasing 10 years of his emails.
Clinton campaign aide Charles Delavan replied that it was "a legitimate email"............he had intended to type "illegitimate,"
If that's true, shouldn't they have used "an" instead of "a"? These are college graduates after all, right?
That sounds like a really sophisticated Russian hacking effort! I'm glad the CIA is on it!
HIS NAME WAS CHARLES DELAVAN.
https://www.youtube.com/watch?...
Obviously, the IT Staff were infiltrated by the Russians!
Who uses the word "illegitimate" to describe a phishing email? It's more likely the IT guy thought the email was authentic and is now trying to cover for his incompetence.
No, really!
Apparently, there were thousands of typos in the emails themselves. All those racial slurs. All those admissions of collusion with the press and super PACS. All those derogatory things the Clinton campaign was saying about Obama. All the campaign's dirty tricks. All the gaffes in Hillary's paid speeches....They were just all TYPOS!
To hack complete idiots.
Spending billions on cyber-security should fix this
Let me get this straight. This is the sophisticated Russian hacking that influenced the election and made the stupid people vote for Trump instead of Hillary. And, none of the classified emails on her server were stolen by the Russians. Got it! Hillary should have been elected to fight these rotten Soviet spies and protect us from ISIS!
They control him thus they control us. They control us so hard.
Apparently he wasn't tipped off by the start of the email
Comrade Podesta,
Filthy imperialist pigs have hacked into you email. To change your password please click http://www.ussrlives.com/mail/
Seriously- If you haven't enabled MFA on your Gmail account then please don't complain when you get hacked. It takes a couple of minutes- you have no excuse not to.
Most leaks are by insiders. It might be convenient to believe this was a Russian phishing attack, as that fits with the current narrative, but most likely it was a disaffected staffer.
Alternative Right.
https://wikileaks.org/podesta-emails/emailid/36355
[Edited to remove blank lines and phone numbers]
Re: Someone has your passwrd
From: mfisher@hillaryclinton.com
To: slatham@hillaryclinton.com
CC: john.podesta@gmail.com
Date: 2016-03-19 12:14
Subject: Re: Someone has your passwrd
Hi- yes I will call John right away and work on new passwords. He will need
to use my two step verification codes to sign in.
Milia Fisher
[phone number]
On Mar 19, 2016, at 10:07 AM, Sara Latham wrote:
The gmail one is REAL
Milia, can you change - does JDP have the 2 step verification or do we need
to do with him on the phone? Don't want to lock him out of his in box!
Sent from my iPhone
Begin forwarded message:
*From:* Charles Delavan
*Date:* March 19, 2016 at 9:54:05 AM EDT
*To:* Sara Latham, Shane Hable
*Subject:* *Re: Someone has your passwrd*
Sara,
This is a legitimate email. John needs to change his password immediately,
and ensure that two-factor authentication is turned on his account.
He can go to this link: https://myaccount.google.com/security [Stupid assistant ignored the correct way to chg pass]
to do both. It is absolutely imperative that this is done ASAP.
If you or he has any questions, please reach out to me at [phone number]
On Sat, Mar 19, 2016 at 9:29 AM, Sara Latham wrote:
> Sent from my iPhone
>
> Begin forwarded message:
>
[Forwarded Phishing Email from Delavan here]
> *From:* Google
> *Date:* March 19, 2016 at 4:34:30 AM EDT
> *To:* john.podesta@gmail.com
> *Subject:* *Someone has your passwrd*
>
> Someone has your passwrd
> Hi John
>
> Someone just used your password to try to sign in to your Google Account
> john.podesta@gmail.com.
>
> Details:
> Saturday, 19 March, 8:34:30 UTC
> IP Address: 134.249.139.239
> Location: Ukraine
>
> Google stopped this sign-in attempt. You should change your password
> immediately.
>
> CHANGE PASSWORD
>
> Best,
> The Gmail Team
> You received this mandatory email service announcement to update you about
> important changes to your Google product or account.
>
--
-Charles Delavan
HFA Help Desk
The HFA Operations Team is here to support you. Let us know how we’re doing by filling out a brief survey.
So the help desk actually provided the correct URL to change the password, but the assistant went on to click the phishing bit.ly link. Funnily enough, the HelpDesk monkey's sig contains a link to a survey using A BIT.LY LINK! LOL
You mean he didn't check the URL where he was giving his new password, he didn't log into Google directly, he didn't make sure that the email was really sent from someone at Google.
He blindly clicked on a link in an email and gave up his password.
And this proves that Russia hacked his account.
All this proves is that John Podesta is an idiot.
The Russian psychic warfare department strikes again! We really need to stop those evil Russians meddling with our democracy! Who knows in what other nefarious ways they use their psychic superpowers!
If a typo led to Podesta's email hack, what would have revealed Abedin's emails to the feds while they were searching Weiner's?
The excuse not to is that MFA using SMS can be used to remotely take over your account. It only takes a minute to do!
"It looks like you're trying to get a non-PC man-child elected. Would you like help?"
I find it curious that so many of the folks posting here are confusing the act of someone clicking on a phishing link as proof positive that -- contrary to US intelligence agencies reporting -- the illegal access to Podesta's email account was not in fact the result of a Russian operation.
Normally the slashdot folks are smart. What happened here?
This is a wonderful result.....
Oops typo. I meant to say this is a display of the worst incompetence.
If you have direct evidence that on average progressives make such mistakes more than conservatives, I'll give you kudo points. Otherwise, stick it up your troll-hole using repetitive and intense motion.
Table-ized A.I.
...we continue to talk about the HACK and who did it, not what the emails showed.
-Styopa
Really, if he's going to be changing the password after receiving every phishing scheme message there isn't going to be much time left for actually doing work.
All that he had to do was reply, "It's a scam to try and get you to enter your password on a bad guy's website. Delete the email and forget about it." Then write up a message that provides a few more details to be distributed to everyone that basically says the same thing because if one person asks you know that more than one person has that question.
General pactice when someoe is being tageted is t asume other attaks fromm other vectors are in pogress som of which may be crack-basd.
I can titaly see this happening what wit today's autocorect, IT people not bein traned in gramar and always rushin, an the godamn suck ass chiclet keybords in us today.
Someone had to do it.
Weiner was being investigated for a new instance of child molesting (an underaged post-pubescent young woman, but we get weird about that stuff) and the Weiner household apparently was sharing machines and a bunch of Abedin's email was on one of the machine seized. It's really appalling that those emails were being tossed around so recklessly by various parties involved.
Of course it is a "legitimate e-mail". There is no such thing as an "illegitimate e-mail".
It came from exactly who it purported to come from: evilhacker@accountsrus.org.
Eight years ago these people mocked McCain as "out of touch" for his reluctance to use a computer...
Turns out, they need two layers of aides themselves to be able to tell an e-mail scam... Hypocrite scum.
In Soviet Washington the swamp drains you.
I've had the misfortune of having to deal with a few of these types that went to college to play politics and never grew up.
They like to call it "Political Science", but as valid a study as it is the "science" bit just doesn't cut it. When a manager has come in via a political track it is important to use small words instead of communicating as if they had studied science, engineering or literature. People who have not been to college at all usually make up the slack, but on the political track they are overconfident and don't bother to fill in the gaps.
So dumb it down, check it over, then dumb it down a second time. Use words like "scam" instead of illegitimate. If utter stupidity lies in one direction do not be afraid of using outright profanity to point it out.
Only a liberal would be stupid enough to believe this fake news story: that an e-mail claiming the phishing scam is legitimate and recommending immediate action can be attributed to a mere typo. Only a liberal would not feel its intelligence insulted by such an obvious, careless, reckless lie. The IT guy was incompetent for believing this cheap ruse and Podesta was incompetent for falling for it and relying on an incompetent IT guy. End of story.
The most reasonable answer as to why so many Huma work emails were on a forgotten laptop is because she set her laptop to download work emails and store them instead of simply using it to access a webmail portal on the server...
Ken
Exactly. Having done this for a few years, CLEAR LANGUAGE is very important. There are English courses dedicated to that concept, but it's pretty simple to grasp.
"Yes, that's probably a virus. Delete it."
While not exactly technically accurate, leaves absolutely no ambiguity. You would never tell the user to change their password, because obviously, they are being told that already by a third party so you telling them that would be an explicit validation of the problem and cause them to immediately act on it.
That he says a typo is to blame is icing on the cake really. Like someone who went over reading bad correspondences they made and desperately searching for any reason that it is not their fault.
Language, of course, can only help if your direction is sound. And with that many screw-ups in a tiny email, it was clearly not. This guy does seem like a bad admin at this point and perhaps, clueless. Lord knows there are plenty of them.
I got a letter (actual paper sent via USPS) telling me that a healthcare provider suffered a data breach and my personal information has been stolen from them.
It tells me to go to a website to get a year of free credit monitoring and enter a customer number they have assigned me. I've never heard of this website. Warning bells go off, but as long as I only enter the customer number they assigned me what harm can it do? It seems legit. I really did use that healthcare provider. (So did thousands if not millions of other Americans who live near me). Google searches don't show any indication that it's a scam, but I shouldn't rely on that alone, should I?
And when I enter my customer ID number, it pulls up a form with my name and address already filled in (how else would they snail-mail me if they didn't know that) and it asks me to fill in my Social Security Number.
I actually think it's legitimate, but I'm not going to enter my SSN into some website just because someone sent me a physical letter instead of an e-mail, especially some website I never heard of.
10 years ago, I used weak passwords and often used the same password on different sites. Now I don't. There's no reason anyone in Podesta's position should be even more paranoid and careful. Did I go to g00gle.com or google.com?
Oddly enough, a few weeks ago I mis-dialed a bank and got a telesquatting number. If they had used a reasonably believable voice mail system I would have been fooled. Instead of the usual system I get when I call that bank I got a bunch of scatter-shot ads offering to save me money on everything from insurance to mobile phone service. If they had only asked for my banking credentials mimicking the bank's system I might have fallen for it.
I let the bank know. I don't think they care much.
and you're bound to get one through. Weight of fire. And it's easy when you've got (Russian) pros firing the Ammo non-stop every day.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
It's amazing how they didn't manage to link to any of the actual emails or other original sources on this. No, I don't want to read your other 10 related articles on the subject, I'd like to see the damned emails in question, please.
I covered this exact story quite thoroughly just the other day, not to mention several other comments which you can find if you go back further, wherein I covered the DKIM signatures, stats on the bit.ly link to the phishing page, etc. which all proved this to be real.
We figured this out many weeks ago, they're really behind the times on this one. Anyone who read /r/wikileaks could have told you about this a long time ago.
Why would you use an email link to change your password anyways, given the possibility of a faked or hijacked domain? You should obviously go to the source and perform admin functions through the official tools and channels provided by that source even if someone vetted the email for you.
errr....umm...*whooosh* *whoosh* Is this thing on?
* top secret data got onto Weiner's laptop
* UNENCRYPTED WEB-FACING EMAIL SERVER w/top secret data
YOU'RE NOT WORTH MY F-KN BREATH
Sony wants you to click on links in emails to change your password. They sent me one several times. When I finally needed to do something with the account, I went on their site and they sent me an email, not with a code to enter, like Steam does sometimes for additional authentication, but a link.
Neither party is particularly transparent, but guess which one had their so-called leader compromise and sell out state security to Saudi Arabia and other countries through her private mail server. Guess which party allowed themselves to be hacked through incompetence. Which one is more of the same, surrounding themselves with more useless crony lawyers when the GOP has just selected a civil engineer for secretary of state and a former surgeon from a poor background as HUD secretary. Stop warping reality to fit your failed choices.
Podesta and the rest of the Clinton camp seem to like to blame others for their carelessness. Not sure if any of them know how to properly secure their data? Doesn't matter who gained access to that information, the real problem is that you allowed it to happen in the first place.
Next time express contrasting ideas with words that have a greater Hamming distance; otherwise this is a recipe for a disaster.
The saddest poem
Hillary: Screwing over IT departments since 2008.
https://en.wikipedia.org/wiki/For_Want_of_a_Nail
So this guy is ultimately responsible for the noise that lost the election? Changing your password every time you get a spearphishing email is a bad strategy.
But that's the weird thing. When I got my first Windows XP computer, I discovered the login, and my wife then suggested that we have different login accounts, and liked that feature. It wasn't there in Windows 95 or 98, but since XP merged both the win32 codebases, it ended up having it.
So even if they shared the computer, Huma could have had a separate login. Assuming that they used an email client like Outlook, I'll guess that it would have had both his and her email accounts. So while browsing his emails, they'd have stumbled across hers, and thereby ended up re-investigating her.
HRC, all her other blunders notwithstanding, can thank this couple for snatching the election from her, and get them a one way ticket to Mecca
How does this surprise me. Humm, socialist leaning, ignorant, dumb, ID10T, whining little man. So sorry you were hacked by your own, and by extension, an absent, overworked, and equally ID10T IT folks. Unreal, really... We have been sitting on internet related security for over a decade and they, being the entitled, still feel like they can just ignore everything. And they know best, right?
Did Putin himself craft this email? Mainstream media are keen on this fact. That Putin is pimping the entire world and the USA is his ho'.
Phishing isn't hacking.
I don't see how the election is tainted because the losing side did a loser thing with their own email account.
Ok, so now we are to believe the email was hacked due to a typo? If that is the case, then WHY did this clown put "YOU NEED TO CHANGE YOUR PASSWORD"? If it was supposed to be "IL"legitimate, why would you tell him to change his password? Short answer...he SCREWED UP and these clowns got hacked, because some boob thought a scam email was a legit email. hahhahahhahahhahha
Finally delivered on transparent and open government :P
The emails revealed nothing special, just stuff everyone does, Trump's campaign too.
Hiring people to pretend to be supporters of the other side and disrupt public events by initiating felonious physical attacks on other people?
1) Please show evidence that Trump's operation EVER did this.
2) Since when is "Everybody else does it too!" a defence for committing a felony? (There are a LOT of criminals who would like that to work in court.)
Sorry, mrclevesque, but statements like that say more about your own ethics than they do about those of people who either did not do, or at least did not get caught doing, the actual crimes the people you're defending DID get CAUGHT doing.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I thought that all 3-letter agencies were absolutely sure that Russians were behind this and other state-of-the-art hacks. And now it turns out there was a basic phishing and illiterate politician. Do they owe Putin a pint for the trouble, or it's OK?
There are studies showing people who smoke marijuana or look at porn have smaller brains.
Repubs do it also, but in the closet.
Table-ized A.I.
"Hiring people to pretend to be supporters of the other side and disrupt public events by initiating felonious physical attacks on other people? 1) Please show evidence that Trump's operation EVER did this"
I'm not going to believe you automatically, please show me evidence for your claim
First rule of email security. Don't keep your emails on the server! I delete mine off the server after one week. Silly kids. And, now we got Trump.
I'm not going to believe you automatically, please show me evidence for your claim.
Go to youtube and search for "project veritas" (I through III or so) for hidden camera videos of the operatives explaining what they did. (The Clinton campaign fired them immediately after this came out, of course.)
There's corroboration in the WikiLeaks data dumps, but that takes more digging.
There was lots of news coverage on it. (But not much in the mainstream media, of course. B-) )
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Like I said the emails revealed nothing special, just stuff everyone does, Trump's campaign too.
On the youtube video montage, it shows people boasting about their unethical campaign tactics, again nothing special, unethical tactics aren't new and aren't limited to the democratic party.
I mean none of this is surprising, sure it would be better if business people, politicians and their supporters were more ethical, transparent, and legally above board in their dealings.
There is no such thing as secure email. Every message is present on every server in the internet chain. Anyone with access to any net server, can set up scans of them as desired.
And these people wanted the keys to the "nukes" ! Gack! 8-P
If you have direct evidence that on average progressives make such mistakes more than conservatives, I'll give you kudo points. ...
Maybe we should say: Politicians and lawyers make such mistakes more than human beings...?
Booya!
http://www.businessinsider.com...
Table-ized A.I.