Slashdot Mirror


A Typo Led To Podesta's Email Hack, Says Report (thehill.com)

tomhath quotes a report from The Hill: Last March, Podesta received an email purportedly from Google saying hackers had tried to infiltrate his Gmail account. When an aide emailed the campaign's IT staff to ask if the notice was real, Clinton campaign aide Charles Delavan replied that it was "a legitimate email" and that Podesta should "change his password immediately." Instead of telling the aide that the email was a threat and that a good response would be to change his password directly through Google's website, he had inadvertently told the aide to click on the fraudulent email and give the attackers access to the account. Delavan told The New York Times he had intended to type "illegitimate," a typo he still has not forgiven himself for making. The email was a phishing scam that ultimately revealed Podesta's password to hackers. Soon after, WikiLeaks began releasing 10 years of his emails.

6 of 274 comments

  1. Re:Article disagreement by Anonymous Coward · · Score: 2, Interesting

    Who talks like that anyway? I would say something like "this is a scam, don't listen" or "this is fake"

  2. Re: Article disagreement by saloomy · · Score: 3, Interesting

    Some people who are professionals or trying to appear that way for position in a future administration may talk that way. Maybe an autocorrect changed "an legitimate email" to "a legitimate email". That being said, I'm still glad we had access to this information as voters. It led us to a more informed decision vs. just a "public position" to go off of.

  3. Re:Idiot by Anonymous Coward · · Score: 2, Interesting

    >The fact that both DNC and RNC were hacked, but only the choicest bits of embarrassing stuff from the DNC hacks were leaked, strongly suggests Russian involvement with the intent of benefiting Trump in the general.

    Except the Chairman of the Republican National Committee, Reince Priebus, said the RNC was not hacked.

    “The RNC was absolutely not hacked,” Priebus said.

    “Well, it’s really simple,” he added, when asked to explain the report. “Because when the DNC was hacked, we called the FBI and they came in to help us. And they came in to review what we were doing and went through our systems, went through every single thing that we did.”

    “I don’t know of any employees, on any of their own Gmail accounts, that was hacked,” he continued. “So what I’m trying to tell you is the RNC was not hacked, number one.”

    Keep trying!

  4. Re: Article disagreement by kenh · · Score: 3, Interesting

    But it turns out they fell for a common phishing scam written by some script kiddie. How does this make them look less incompetent?

    Podesta used G-fucking-mail... HRC used a homebrew server for convenience... The DNC ran an unpatched Exchange server on Windows... I believe these are textbook definitions for incompetence!

    --
    Ken

  5. Re: Lots of typos by kenh · · Score: 3, Interesting

    >You can bet that the various Republican counterparts to Podesta have written much, much worse in their own email records;

    What a childish claim - why would the contents of RNC emails be 'much, much worse'? You could conclude that they likely have similar things in their emails.

    >the only reason you don't know for sure is because it suits Russia's purpose to withhold that information from you for the time being.

    Or the RNC email server was secure?

    Or the RNC emails weren't as 'explosive'?

    Or the RNC simply wasn't targeted?

    Or any of a hundred other reasons...

    --
    Ken

  6. Re: Article disagreement by Xenographic · · Score: 4, Interesting

    They leaked some old ones, actually: http://www.nytimes.com/2016/10/02/us/politics/donald-trump-taxes.html?_r=0

    As for this story, it makes no sense. The email in question is here and for some reason, I was unable to find any links to it in either article. As an aside, why do media outlets fail so badly at citing sources like this? It should be utterly basic journalism, but the major papers routinely fail to do this very basic step and wonder why bloggers eat their lunch... This was first reported many weeks ago, they're severely behind the times on this. I mean, you know it's bad when you're scooped by Slashdot commenters.... sheesh!

    Back on topic, the relevant part of the response to the spear phishing email says this:

    >This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account. He can go to this link: https://myaccount.google.com/s... to do both. It is absolutely imperative that this is done ASAP.
    >
    >If you or he has any questions, please reach out to me at [redacted]

    It's definitely an illegitimate email, but there's more wrong with the statement above than just typing "a legitimate email" instead of "an illegitimate email." Being illegitimate means they DON'T yet have his password, so there would be no reason to change it and no good reason to advise that! Two-factor authentication, however, is very reasonable.

    We know from the stats on the bit.ly link to the phishing page that Podesta didn't follow his instructions to go to https://myaccount.google.com/security though, and it's true that we can't hold Charles Delavan responsible for that part.