A Typo Led To Podesta's Email Hack, Says Report

tomhath quotes a report from The Hill: Last March, Podesta received an email purportedly from Google saying hackers had tried to infiltrate his Gmail account. When an aide emailed the campaign's IT staff to ask if the notice was real, Clinton campaign aide Charles Delavan replied that it was "a legitimate email" and that Podesta should "change his password immediately." Instead of telling the aide that the email was a threat and that a good response would be to change his password directly through Google's website, he had inadvertently told the aide to click on the fraudulent email and give the attackers access to the account. Delavan told The New York Times he had intended to type "illegitimate," a typo he still has not forgiven himself for making. The email was a phishing scam that ultimately revealed Podesta's password to hackers. Soon after, WikiLeaks began releasing 10 years of his emails.

Article disagreement

[suso]

Clinton campaign aide Charles Delavan replied that it was "a legitimate email"............he had intended to type "illegitimate,"

If that's true, shouldn't they have used "an" instead of "a". These are college graduates after all, right?

Re:Article disagreement

Who talks like that anyway? I would say something like "this is a scam, don't listen" or "this is fake"

Re:Article disagreement

[sexconker]

Yup. This is just CYA bullshit designed to make them look less incompetent. We're all made typos, right?

It coudl happent o anyone!

Re:Article disagreement

[Ungrounded+Lightning]

Clinton campaign aide Charles Delavan replied that it was "a legitimate email"............he had intended to type "illegitimate,"

If that's true, shouldn't they have used "an" instead of "a". These are college graduates after all, right?

Depends on the layer of his mind where the mistake was made. If it is above the abstraction layer of the grammar processing for emitting the typo, he would emit a grammatical but erroneous-in-multiple-words statement.

Re:Article disagreement

Legitimate or not, the huge thing that everyone should know is [b]never[/b] to use an email to log into an account.

Re:Article disagreement

[suso]

We're all made typos, right?

Don't you mean "we've"?

Re:Article disagreement

[Man+On+Pink+Corner]

Agreed, Delevan's explanation is BS. But it's interesting to consider how often this sort of thing will happen when we're all using voice recognition on a day-to-day basis. The difference between "This is a legitimate email" and "This is an illegitimate email" can be very subtle depending on the speaker's accent, background noise, and any number of other factors.

If Delevan were the sort of person who thinks on his feet, he'd have blamed voice recognition instead of a typo.

Re:Article disagreement

[networkBoy]

The difference is "n il", as in two mistakes, one being the use of an "a" instead of an "an". This rules out a simple typo.

I read that as the difference is nil... heh. while on the topic of mistakes...

Re:Article disagreement

[PolygamousRanchKid+]

These are college graduates after all, right?

. . . so what other "typos" did they make that we don't know about . . . ? Maybe they wrote users telling them to turn their firewall and anti-virus "off" . . . but they meant to write "on" . . . ? It's just a typo.

So, instead of Trump employing Master Russian Hackers to swing the election . . . it just turns out that Hillary's staff are not aware of basic computer security essentials.

Typical Hillary: Following computer security policies is for "little people" and "deplorables", not for elite folks, like herself.

Re:Article disagreement

[Tempest_2084]

Woosh!

Re: Article disagreement

[saloomy]

Some people who are professionals or trying to appear that way for position in a future administration may talk that way. Maybe an autocorrect change "an legitimate email" to "a legitimate email". That being said, I'm still glad we had access to this information as voters. It led us to a more informed decision vs. just a "public position" to go off of.

Re:Article disagreement

[grcumb]

We're all made typos, right?

Don't you mean "we've"?

WEAVE! Duh!

Fucking apostrophes....

...
..
.

:-D

Re:Article disagreement

[ShanghaiBill]

Who talks like that anyway?

Lawyers. If you are paid to obfuscate, it eventually becomes second nature, and you fail to communicate clearly even to your friends and family.

Re:Article disagreement

[whoever57]

What about the second part, where he told him to change his password? There isn't a single letter typo that can reverse the meaning, plus, if there is no action, then "immediately" is completely redundant.

No, this is a poor cover story from someone who fucked up massively.

Re:Article disagreement

[ShanghaiBill]

This is just CYA bullshit designed to make them look less incompetent.

I am confused. Up till now, I thought they were the victims of sophisticated Russian ex-KGB agents using quantum cryptanalysis. But it turns out they fell for a common phishing scam written by some script kiddie. How does this make them look less incompetent?

Re:Article disagreement

[quantaman]

Clinton campaign aide Charles Delavan replied that it was "a legitimate email"............he had intended to type "illegitimate,"

If that's true, shouldn't they have used "an" instead of "a". These are college graduates after all, right?

He doesn't mean typo in the sense that he meant to write "illegitimate" and wrote "jllegitmate".

He meant typo in the sense that he thought "oh that's an illegitimate email" and intended to write something to that effect, but ended up writing something completely opposite.

Just think back to the times you proofread and found a typo, sometimes it's a mistyped word, and sometimes you find words that are radically different than you intended.

Of course that doesn't mean he's telling the truth, it does seem odd that he's tell Podesta to change the password in response to a phishing request. Though it does clear Podesta a bit, as he was mostly following ITs orders (though he did click the link from the "legitimate email" instead of the link from the IT email).

Re:Article disagreement

[ShanghaiBill]

the huge thing that everyone should know is never to use an email to log into an account.

Technology is failing if it falls on individuals to remember rules like this. They won't. Instead, services like Gmail, Yahoo, etc. should detect when emails contain fake links to login pages for email accounts or financial institutions, and warn the user that they are about to do something dumb.

Re:Article disagreement

[Swave+An+deBwoner]

Russian to English translation is not easy. Please give dispensation.

Re: Article disagreement

[SCPaPaJoe]

Thank god for Mother Russia!

Re:Article disagreement

[Orgasmatron]

Before pointing out the big obvious problem with that idea, I'll pause for a moment so that you can go check the links in some of your legitimate email. After you've had a bit of time to sob quietly, if you are again feeling brave, check the relay paths and senders of some of that crap.

Oh, and also some of us run our own mail services, but we generally know better than to click links in emails.

Re:Article disagreement

[Tablizer]

If that's true, shouldn't they have used "an" instead of "a"...

Maybe he used a grammar checker, which flags grammatical errors but not intent errors, of course.

(Intent checkers are perhaps the Next Big Thing/Buzzword. Unless they resemble Clippy too much.)

It's amazing to think that one typo may have changed the course of the election, and history. Butterfly effect for sure.

Re:Article disagreement

[Jeremi]

No, this is a poor cover story from someone who fucked up massively.

First rule of politics: never voluntarily admit to any wrongdoing, because everyone will immediately assume that your admission is actually a coverup for something worse, whether it is or not.

In this case, though, it's hard for me to imagine what could be worse. What do you think the actual mistake was?

Re:Article disagreement

[Jeremi]

Technology is failing if it falls on individuals to remember rules like this. They won't. Instead, services like Gmail, Yahoo, etc. should detect when emails contain fake links to login pages for email accounts or financial institutions, and warn the user that they are about to do something dumb.

Agreed, they should -- but even then it won't be sufficient, since the clever scammers will constantly be putting up new fake pages that Gmail/Yahoo/etc won't necessarily be able to detect. Gmail/Yahoo/etc can only do so much to protect users, short of a wholesale replacement of email with a more secure communications mechanism.

I think if there is one silver lining to this whole fiasco, it's that government and politicians might finally start taking seriously the need for proper online security measures. In particular for people in sensitive positions (like Podesta), some mandatory security training and mandatory use of two-factor authentication, dedicated authentication hardware, etc, would go a long way.

Re:Article disagreement

[Solandri]

To me, "illegitimate" is one of those words which seems to be semi-archaic in modern English. To my ears, it sounds right to use it only in certain legal contexts. e.g. An illegitimate search, an illegitimate child, etc. In the context of a phising email, I would simply say "that's not a legitimate email." And that's rather easy to corrupt into "that's a legitimate email" if you're thinking 5 words ahead of your typing.

Of course I proofread my emails before hitting send to avoid these problems. And Delavan claiming he meant "illegitimate" rather than "not legitimate" decreases the possibility that this explanation is correct. Just wondering what native English speakers think. Despite living here 45 years and English being my best language, it isn't my native language and some of the intricacies still elude me.

Re:Article disagreement

On a serious note, in the federal government we have this initiative to try to use plain language as much as possible. Of course the only reason why this is of note is that too many people don't.

On a more funny note regarding lawyers, I volunteer to interview college applicants, and at a training session the speaker specifically said to try not to bring your work into the recommendation, citing as an example a lawyer alum who started his letter "The defendant..."

Re:Article disagreement

[Cmdln+Daco]

The technical term for that is that it was a 'brain fart'. Brain farts can happen to anybody. As evidenced here, when a brain fart happens you can even re-correct the words around the 'typo' as in using 'a' instead of 'an.' The takeaway is that it was ordinary low-level phishing that cracked Podesta's account. The Clinton team wasn't even invulnerable to plain vanilla phishing. Is Podesta even in any kind of position now where his computer illiteracy could get him in trouble again? The team he was on lost, and he's very tied to the fortunes of Ms. Clinton and probably won't be the head of anybody's campaign again.

Re:Article disagreement

[quantaman]

The technical term for that is that it was a 'brain fart'. Brain farts can happen to anybody. As evidenced here, when a brain fart happens you can even re-correct the words around the 'typo' as in using 'a' instead of 'an.'

Agreed though I wouldn't necessarily call "brain fart" a technical term.

The takeaway is that it was ordinary low-level phishing that cracked Podesta's account. The Clinton team wasn't even invulnerable to plain vanilla phishing.

Well they did have protocols to protect against phishing, and those protocols were followed, but one of the people in that chain made a fairly epic screw up, and fundamentally no organization is immune to someone making an epic screw up.

And remember the RNC was also hacked, so this isn't a case of one side being incompetent.

Is Podesta even in any kind of position now where his computer illiteracy could get him in trouble again?

He was computer literate enough to delegate the tasks he didn't understand, unfortunately the people he delegated to screwed up.

The team he was on lost, and he's very tied to the fortunes of Ms. Clinton and probably won't be the head of anybody's campaign again.

Maybe, maybe not. He's still an extremely competent individual, though I'm not sure if he'd be interested in running a campaign for someone other than a Clinton.

Re:Article disagreement

[ark1]

Because he believed it was a legitimate email, he trusted the embedded link to reset the password.

Re:Article disagreement

[rtb61]

Of course the other big woosh in this is the excuse. We have all made mistakes but I never remember adding extras letters and reversing the definition. Of course normal response in IT circles when phishing email is questioned, is fuck no, do not touch it, I will be right there to check it, this because phishing attacks are normally picked up by filters and any suspect ones that get through become an immediate concern because they represent a greater threat. Of course if you set up your insecure email server in a bathroom with intend to destroy all records if you do not have time to edit out the ones you do not want, meh who gives a fuck, arrogant criminals in government who can completely distort the application of justice as far as their criminally corrupt arse is concerned, well, security that a problems for the plebs. You just know some extremely bad file attachments will leaked out and that's what all the real fuss is about, you could imagine splashed all over Russian media and they after some time censored versions on grudgingly put on western media. When they start to arrogantly ignoring network security, they always go nuts become idiots and starting pushing the limits, no matter where they work government or private, right up until they are brought crashing down to earth. Nobody tolerates fuck ups in the end and they readily toss them out as sacrifices to the appearance of justice.

Re:Article disagreement

[dbIII]

Personally I think the major failure here was to outsource something important enough that a fuckup could cost them an election. Hence the cascading failure where nobody inhouse could do anything about it and they had to trust a naive user and a third party.

Re: Article disagreement

[kenh]

Wow, Democrats keep using that word 'transparent' - I do not think it means what you think it does.

'Transparent' does not mean - take years to respond to FOIA requests.

'Transparent' does not mean - turning over hand-picked work emails two years after leaving office.

'Transparent' does not mean - anything embarrassing can be kept private due to 'executive privlege.'

'Transparent' does not mean - crying like a stuck pig because your embarrassing emails were made public against your will.

Re: Article disagreement

[kenh]

But it turns out they fell for a common phishing scam written by some script kiddie. How does this make them look less incompetent?

Podesta used G-fucking-mail... HRC used a homebrew server for convienience... The DNC ran an UN patched Exchange server on Windows... I believe these are textbook definitions for incompetence!

Re:Article disagreement

[dbIII]

I said this elsewhere but I think the massive fuckup was outsourcing.
If it was inhouse they could just change the password and ring the guy up and say "your new temporary password is sword-a-da-fish". Yes, it does sound a bit Marxist to do it that way, but if you want to keep stuff secret paying an advertising agency to handle your email is not a good step.

Re: Article disagreement

[ShanghaiBill]

Podesta used G-fucking-mail...

What's wrong with Gmail?

HRC used a homebrew server for convienience...

That may have been illegal, but I don't see how it demonstrates technical incompetence. Since there is no evidence it was hacked, I would say it demonstrates the opposite.

Re:Article disagreement

[msauve]

If that's true, shouldn't they have used "an" instead of "a".

Shhh. You're disturbing the narrative. How can they be expected to place blame on others, if they have to accept personal responsibility? It was Comey's fault, anyway. Or maybe the Russkie's. Someone other than them, anyway.

Re: Article disagreement

[Cmdln+Daco]

I hear, at least on 'fake news' sites or in the comment sections of news sites ('fake' or not) that the Clinton email server was penetrated by at least 5 Foreign governments.

Now, it may have been contrived made-up garbage, because there was certainly a shitstorm of that going around during the election, but can you or anybody else provide an authoritative link showing that there is no evidence Clinton's email server was hacked?

Much appreciated, because we need this stuff nailed down.

Re: Article disagreement

[imadeyoureadpoop]

'Transparent' does not mean - take years to respond to FOIA requests

I take it you've read Donald Trump's tax return then?

Re:Article disagreement

[Cmdln+Daco]

It's shocking how much incompetent IT departments are in allowing Google inside their corporate structure. The company I work for now has replaced all in-house email services with a corporate-wide Gmail. Furthermore, our systems are 'locked down' in the respect that we cannot install any software on the systems (Windows 7) but the whole Google Apps suite is available to us, though I have never heard anybody in IT talk about that fact. We still use MS Office, but there are corporate 'template' type spreadsheets used for things like our timesheets. They are password protected with 'locked down' fields that cannot be edited by the employee, and some of the locked fields are just annoyances. I can open said spreadsheets in Google Docs and the locked cells are no longer restricted.

Re: Article disagreement

[I'm+New+Around+Here]

You can get someone's tax returns through FOIA requests now? I didn't know that.

Re:Article disagreement

[Cmdln+Daco]

Probably what he should have done in the reply is not include the body of the message being discussed as part of the response, including the fraudulent link to change the email. . There was no reason for him to have chained the response along containing any of that information and the phishing link to click on.

Re: Article disagreement

[Xenographic]

They leaked some old ones, actually: http://www.nytimes.com/2016/10/02/us/politics/donald-trump-taxes.html?_r=0

As for this story, it makes no sense. The email in question is here and for some reason, I was unable to find any links to it in either article. As an aside, why do media outlets fail so badly at citing sources like this? It should be utterly basic journalism, but the major papers routinely fail to do this very basic step and wonder why bloggers eat their lunch... This was first reported many weeks ago, they're severely behind the times on this. I mean, you know it's bad when you're scooped by Slashdot commenters.... sheesh!

Back on topic, the relevant part of the response to the spear phishing email says this:

This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account. He can go to this link: https://myaccount.google.com/s... to do both. It is absolutely imperative that this is done ASAP.

If you or he has any questions, please reach out to me at [redacted]

It's definitely an illegitimate email, but there's more wrong with the statement above than just typing "a legitimate email" instead "an illegitimate email." Being illegitimate means they DON'T yet have his password, so there would be no reason to change it and no good reason to advise that! Two-factor authentication, however, is very reasonable.

We know from the stats on the bit.ly link to the phishing page that Podesta didn't follow his instructions to go to https://myaccount.google.com/security though, and it's true that we can't hold Charles Delavan responsible for that part.

Re:Article disagreement

[redmid17]

To me, "illegitimate" is one of those words which seems to be semi-archaic in modern English.

Then despite being a native English speaker and almost certainly literate, I would ask you to brush up on day-to-day Englsih and your O-level English certs (or whatever they are now(.

Re:Article disagreement

[jandrese]

They're trying to look less incompetent by saying that the staffer got taken in by a phishing email?

Re:Article disagreement

[AK+Marc]

What does that matter? The email is either Gmail, or hosted Exchange. One you contract for the email as a service, the other you contract for the server (infrastructure) as a service. In both cases, someone else can read your emails without you knowing. On-prem Exchange to Office 365 hosted email is an easy transition, and Office 365 has all sorts of security endorsements.

How is Gmail worse than Office 365 email?

Re:Article disagreement

[Calydor]

The ones I usually see are people typing 'do' and 'can' instead of 'don't' and 'can't'.

As far as this goes, he was intending to err on the side of caution. This one aide reports one email - but have there been other emails? Has a link been clicked already? Going PROPERLY to Google and changing the password would be a 'no harm done' situation, and I suspect that's what he was aiming for.

And then human error happened.

Re:Article disagreement

[dbIII]

The email is either Gmail, or hosted Exchange

This is slashdot, you should know better than to think those are the only choices.

If getting your stuff in the newspaper is a catastrophe then expecting a third party and everything on the way to them to keep your secrets is just asking for trouble.

BTW, the MS Exchange suite is very well named. The best thing to do with it is to exchange it for a different collection of software.

Re: Article disagreement

[RuffMasterD]

Why don't you prove to us all how smart you are by telling us what is wrong with Gmail instead of anonymously insulting people?

Re:Article disagreement

[Maritz]

There's usually, but not always, one.

Re: Article disagreement

[Maritz]

I believe you lack tremendous amounts of knowledge.

Everyone lacks a tremendous amount of knowledge. (Yes even slashdot denizens, contrary to the evidence).

Re: Article disagreement

[Maritz]

It makes no sense to ask for a link to no evidence. That's the opposite of how shit works. The null hypothesis is that there was no hack. You go find real evidence that it happened. Done.

Re: Article disagreement

[Maritz]

People read fake news because it warms the cockles of their heart.

Re: Article disagreement

[Maritz]

Podesta used G-fucking-mail...

What's wrong with Gmail?

If you are on Slashdot and don't know the answer to what is wrong with using gmail to send and receive private and confidential email, then I hope you get replaced by an H1B.

I expect you'll be banning foreign-looking people soon anyway so don't worry.

Re:Article disagreement

[Maritz]

What?

Re:Article disagreement

[RuffMasterD]

How about Maladaptive Neural Flatulence?

Re:Article disagreement

[Maritz]

Thanks for putting the made-up-in-your-own-head bit in quotes.

Re:Article disagreement

[Maritz]

Trump appears to be appointing the richest cabinet in history. Plunging right into the swamp that he said he was going to drain. For the little people. LOL.

Re:Article disagreement

[PeeAitchPee]

Yup. This is just CYA bullshit

Don't you mean, "This is just CIA bullshit"?

Re:Article disagreement

[azcoyote]

On top of that, he should not have told him to "change his password immediately." Since the email was fake, the user's password was not actually compromised. A not-so-savvy aide might have thought that changing the user's password would be a good safeguard, but saying this in context of the supposed typo simply reinforced the user's impression that the email was legitimate.
Honestly, however, it's possible the aide really gave bad advice and is simply calling it a typo to cover it up.

Re:Article disagreement

[CODiNE]

Grammar saves lives.

Let's eat, gramma!
Let's eat gramma!

https://matthewsavides.wordpre...

Nice pic
https://www.facebook.com/Lets-...

Re:Article disagreement

[gatkinso]

And then follows up with "he should change is password immediately."

I flag this excuse as BS.

Re:Article disagreement

[gatkinso]

Yes are all human and make typos. My password is "qwerty".

Re:Article disagreement

[gatkinso]

Oops, that was a typo.

Re:Article disagreement

[sabbede]

I would have (as I often have) said, "No, it's a scam. Maybe change your password just in case."

But I don't believe it went down like this. Delavan is taking the fall for Podesta's stupidity. Because that's what happens if you do IT for Hillary (3rd strike).

Re:Article disagreement

[AmiMoJo]

This is the unfortunate reality of phishing and malware. The attack doesn't have to be very good, just persistent. Eventually someone will screw up, click the wrong thing, typo the response, and the bad guys are in.

Time to hack = number of people in organization / quality of security

Since "quality of security" can never be infinite, it's always just a matter of time.

Re:Article disagreement

[mrclevesque]

The emails revealed nothing special, just stuff everyone does, Trump's campaign too.

Re: Article disagreement

[bfpierce]

So I take it you'd be just fine with all of Trumps emails to his staffers getting out there?

In the interest of transparency of course. Not because it would be funny reading, not at all.

Re: Article disagreement

[I'm+New+Around+Here]

Wow. Negative 1 with no moderation. You have managed to piss off a lot of people.

Re: Article disagreement

[budgenator]

FBI: 99% Likely Multiple Agencies Hacked Hillary Clinton’s Email Server

Re: Article disagreement

[budgenator]

I would seriously trust a Google Engineer's competency before my own in a network security matter, they are even HIPPA Compliant.

Re:Article disagreement

[budgenator]

The Brian fart was the "IT" guy didn't say "Don't do anything, except pressing the "windows" key and the"l" (el) key at the same time, come see me in person or have me come see you, STAT".

Re:Article disagreement

[nine-times]

Up till now, I thought they were the victims of sophisticated Russian ex-KGB agents using quantum cryptanalysis. But it turns out they fell for a common phishing scam written by some script kiddie.

It's not necessarily an "either/or" sort of thing, i.e. either "sophisticated Russian hackers" or "phishing scam". Social engineering is an effective attack vector, and it's not unusual for sophisticated hackers to make use of it, sometimes in tandem with other methods. Phishing scams sometimes use some kind of other access or research to determine who is a good target within an organization, or how the email should be crafted to elicit the desired response. Then, once some kind of access is gained from phishing, the attacker may use that access to attack other targets.

It's possible that it was a sophisticated Russian attacker making use of phishing.

Re:Article disagreement

[quintus_horatius]

No, he accidentally a word. He meant "We're all made of typos, right?"

Re:Article disagreement

[quintus_horatius]

the major failure here was to outsource something important enough that a fuckup could cost them an election.

I think the Trump campaign made a fine outsourcing choice, the Russians not only didn't fuck up his chances at election they guaranteed it

Re:Article disagreement

[LeftCoastThinker]

This exactly. Either the IT guy is incompetent and said what he meant that it was a legit email or he is incompetent because he couldn't spend 5 seconds to proofread his response. Either way he is incompetent and should be flipping burgers the rest of his life.

Re:Article disagreement

[LeftCoastThinker]

So obviously in your parallel dimension all rich people are evil and cheated their way to their fortune? I hate to burst your bubble, but only liberal progressive democrats obtain riches exclusively in that manner. Many rich obtain their fortune through hard work, wise choices and vision. How easy is it to bribe a rich politician vs a middle income politician. The actual positions don't pay that well these days, making it more tempting if you are a politician struggling financially to bend the rules and enrich yourself on the taxpayers dime.

Obama's net worth went from $1.3M in 2007 to $7M today. I'm sure that's just a coincidence.
Hillary's net worth went from flat broke in 1992 to over $30M today. Much of that income was in the $135M she and Bill made in speaking fees, paid in large part by colleges. This is nothing more than the modern form of payola where wealth is stolen from starving students with massive student loans and transferred to the elites to fund their opulent lifestyles.

Re:Article disagreement

[Rakarra]

Of course the other big woosh in this is the excuse. We have all made mistakes but I never remember adding extras letters and reversing the definition

Then you are a god among men. I see people making this mistake innocuously all the time.

Re:Article disagreement

[Rakarra]

Who talks like that anyway?

Lawyers. If you are paid to obfuscate, it eventually becomes second nature, and you fail to communicate clearly even to your friends and family.

Lawyers are mostly paid to be -specific-. Specific about every single case and situation, not leaving anything to intuition, which usually means it takes a few paragraphs to say something that most people would use a single sentence for.

Re: Article disagreement

[Rakarra]

Because hackers inside of extremely sensitive infrastructure always leave lots of "Haha, we got you!" messages?

Lack of evidence is not evidence. I'm sorry, but you have to provide evidence that the servers were hacked before we just assume they were hacked.
The only thing we know is that the emails from that server were not leaked to the public.

Re:Article disagreement

[micahraleigh]

You're just not following this.

Was revealed in the emails 2 people on Clinton's staff believe she hates ordinary people and that is one of their biggest obstacles.

Was also revealed that Clinton staff believed the emails were a burning major issue.

Was also revealed Hillary was pushing for removing the borders (she got grilled for this in the 2nd or 3rd debate).

There was a ton of other stuff. That's just what comes to mind.

Apologies if there was a *woosh* there.

Re:Article disagreement

[Rakarra]

No, Hillary sometimes does the actual executions herself.
Video Footage

Re:Article disagreement

[kaatochacha]

This was also my first thought, he's obviously lying to cover up his thinking the mail was real.
I'd have more respect for him if he just said " I made a mistake, I thought it was real and forgot to tell him to change his password by going directly to Google's page"

Re:Article disagreement

[mrclevesque]

That does sound like much of anything and I already know a lot has been made out of nothing.

I stand by my first comment.

Re:Article disagreement

[AK+Marc]

Outlook not so good.

Yes, we know all the jokes. They aren't the only options. But they are some of the most popular ones.

Re:Article disagreement

[dbIII]

If you have stuff in your emails that can sink you or your boss then those are the incredibly stupid ones.
Considering how many ex-spooks there are in politics (such as that guy that was running in Utah as an R alternative to Trump) you do not want to put your stuff where someone else can read it without a lot of trouble and then remember it later. If a third party hosting service is asked to give access or gives it freely as a matter of course how are you going to know? If they get hacked like we found out yesterday that Yahoo had what good does it do when you don't find out for three years?

After Watergate it should be obvious that political parties like to get hold of the secrets of other political parties, so from that perspective in what way is outsourcing confidential communications sane?

Re:Article disagreement

[cwsumner]

Trump appears to be appointing the richest cabinet in history. Plunging right into the swamp that he said he was going to drain. For the little people. LOL.

"Set a thief to catch a thief." 8-)

Re:Article disagreement

[micahraleigh]

In that case, may all the DNC candidates have the same nothing issues as Mrs. Clinton!

Re: Article disagreement

[Agripa]

Wow, Democrats keep using that word 'transparent' - I do not think it means what you think it does.

It is transparency when they do it.

Re: Article disagreement

[kenh]

Presidential candidates are under no legal requirement to share their tax returns, federal administrations are required under law to respond to FOIA requests in a timely and complete manner.

Tax returns are private, can not be FOIA'd, but there is a huge department (called the IRS) which enforces tax code compliance - if there's a legal issue with trump's taxes I trust the IRS would have found it during one of his many audits.

KGB

That sounds like a really sophisticated Russian hacking effort! I'm glad the CIA is on it!

Re:KGB

[Cmdln+Daco]

If it was a Russian hacking effort, it didn't need to be governmental. There is a large population of Russian hackers who are private entrepreneurs. If you're a Russian with computer smarts you don't have the same 'legit' opportunities as a western hacker*. The economy there isn't as big as in the US. (*hacker in the old sense that nerds used to understand) It could have been governmental, but the fact that it happened in 'Russia' doesn't mean it was government-operative-based. Especially since it was a lame phishing exploit.

Inflammable means Flammable? What a country!

[jelwell]

https://www.youtube.com/watch?...

I call BS on the IT guy

[JoeyRox]

Who uses the word "illegitimate" to describe a phishing email? It's more likely the IT guy thought the email was authentic and is now trying to cover for his incompetence.

Re:I call BS on the IT guy

[JoeyRox]

And furthermore, if the IT guy believed the email saying Posesta's account was hacked is illegitimate then why would he instruct Podesta to change his email password?

Re:I call BS on the IT guy

[dfsmith]

None of the 4 definitions of "illegitimate" that my dictionary gives fits the nature of an email like that.

il.le.git.i.mate \.il-i-'jit-*-m*t\ adj
1: born of parents not married to each other
2: ILLOGICAL
3: ERRATIC
4: ILLEGAL
-- il.le.git.i.mate.ly adv
-- il.le.git.i.ma.cy \-'jit-*-m*-se_-\ n

Re:I call BS on the IT guy

[h33t+l4x0r]

Who uses the word "illegitimate" to describe a phishing email?

When you're talking to non-techies you do, if you said phishing email to Podesta he would start looking for his tackle box.

Re:I call BS on the IT guy

[Orgasmatron]

I have never in my life referred to an email as "illegitimate". Not talking to bumpkins, not to construction workers, not to tradesmen, not to policemen, not to soldiers, not to doctors, not to lawyers, not to elected officials. Not to my employees, not to my bosses, not to CEOs, not to directors. Not to teenagers, not to millennials, not to adults, not to boomers, not to octogenarians.

However, I use the phrases "That's spam, delete it." and "Fake, trash it." damn near every day.

I haven't been around the world and seen everything, but I've seen a lot, and I've never met or heard of a group or demographic that would consider that phrasing normal.

There are times when spinning a tall tail to cover your ego is appropriate, and times when it is not. There are also good lies and bad lies. This one was pretty bad, and at a time when he's got a sizable fraction of the world looking in his direction. A better lie, and one that every single IT professional and talented amateur in the world would have believed completely, would have been: "I'm sorry, I was about to check the headers and I got distracted by a phone call / person walking into my office. When I got back to it, I had lost my place and mistakenly thought that I had checked when I hadn't."

Re:I call BS on the IT guy

[JoeyRox]

I wouldn't have used the word phishing either. But it's not a question of tech vs non-tech but of conversational English. Saying the email was fake would have done the trick, since the question posed to him was "Is the notice real?"

Re:I call BS on the IT guy

[hambone142]

He's working for the Russians like every other person that gets in to the Democrat party's email.

He doesn't speak English well. :-^

Re:I call BS on the IT guy

[Rakarra]

Who uses the word "illegitimate" to describe a phishing email?

I would. I think most other IT guys could do that too. Why does it seem so weird?

Re:I call BS on the IT guy

[JoeyRox]

Because it's an uncommon turn of phrase in that context.

Lots of typos

[DidgetMaster]

Apparently, there were thousands of typos in the emails themselves. All those racial slurs. All those admissions of collusion with the press and super PACS. All those derogatory things the Clinton campaign was saying about Obama. All the campaign's dirty tricks. All the gaffes in Hillary's paid speeches....They were just all TYPOS!

Re:Lots of typos

[Babylon+Rocker]

All stamped with a legitimate digital signature from google.....

Re:Lots of typos

[DerekLyons]

That's the real shame here... the Left screaming and hollering about hackers, while trying to pretend the released information doesn't exist.

Re:Lots of typos

[Tablizer]

or merely Trump quotes

Re: Lots of typos

[kenh]

You can bet that the various Republican counterparts to Podesta have written much, much worse in their own email records;

What a childish claim - why would the contents of RNC emails be 'much, much worse'? You could conclude that they likely have similar things in their emails.

the only reason you don't know for sure is because it suits Russia's purpose to withhold that information from you for the time being.

Or the RNC email server was secure?

Or the RNC emails weren't as 'explosive'?

Or the RNC simply wasn't targeted?

Or any of a hundred other reasons...

Re:Lots of typos

[kaatochacha]

I once observed a man beating someone on the street.
But it's OK, since I know someone else who also does that.

You don't need Russia or China

[Crashmarik]

To hack complete idiots.

Re:You don't need Russia or China

[RightwingNutjob]

And that there is the only shred of a possible reasonable doubt that Trump is in Russia's pocket wrt email hacks. The attack was so simple, anyone could have pulled it off.

Re:You don't need Russia or China

[geoskd]

What, the Russians showed us the TRUTH about Hillary!

No doubt, but notice that they waited until after Sanders lost the primary to out Clinton. Of the almost 2 dozen contestants in this race, why did it end up being a selection between two of the worst imbeciles ever to grace the presidential podium?

Re:You don't need Russia or China

[Xenographic]

> No doubt, but notice that they waited until after Sanders lost the primary to out Clinton.

For which hack? I covered the list of them just the other day - https://slashdot.org/comments.pl?sid=9986237&cid=53472053

You realize there are many sets of leaks at different times and not many people even took Trump seriously back in the summer of 2015, right? (Many still do not, but I digress...)

Oh, and we have an email from them in 2015 saying "Best approach is to slaughter Donald for his bromance with Putin, but not go too far betting on Putin re Syria."

Source: https://wikileaks.org/podesta-emails/emailid/25651

> why did it end up being a selection between two of the worst imbeciles ever to grace the presidential podium?
Flag as Inappropriate

If you look at the PDF attached to this email, you'll see that it was the DNC's own "pied piper" strategy wherein they had their allies in the media promote Trump early on believing him to be one of the weakest candidates who would hurt the Republican party.

So that would appear to be your answer.

It's Podesta's fault too

[voislav98]

Apparently he wasn't tipped off by the start of the email

Comrade Podesta,

Filthy imperialist pigs have hacked into you email. To change your password please click http://www.ussrlives.com/mail/

If you don't enable MFA I have no sympathy for you

[sirket]

Seriously- If you haven't enabled MFA on your Gmail account then please don't complain when you get hacked. It takes a couple of minutes- you have no excuse not to.

Probably Misdirection

[alternative_right]

Most leaks are by insiders. It might be convenient to believe this was a Russian phishing attack, as that fits with the current narrative, but most likely it was a disaffected staffer.

Re:Probably Misdirection

[king+neckbeard]

There was definitely a phishing attack with the Podesta leaks, but that doesn't mean an insider wasn't involved.

text of email

https://wikileaks.org/podesta-emails/emailid/36355

[Edited to remove blank lines and phone numbers]

Re: Someone has your passwrd

From:mfisher@hillaryclinton.com
To: slatham@hillaryclinton.com
CC: john.podesta@gmail.com
Date: 2016-03-19 12:14
Subject: Re: Someone has your passwrd

Hi- yes I will call John right away and work on new passwords. He will need
to use my two step verification codes to sign in.

Milia Fisher
[phone number]

On Mar 19, 2016, at 10:07 AM, Sara Latham
wrote:

The gmail one is REAL

Milia, can you change - does JDP have the 2 step verification or do we need
to do with him on the phone? Don't want to lock him out of his in box!

Sent from my iPhone

Begin forwarded message:

*From:* Charles Delavan
*Date:* March 19, 2016 at 9:54:05 AM EDT
*To:* Sara Latham , Shane Hable
*Subject:* *Re: Someone has your passwrd*

Sara,

This is a legitimate email. John needs to change his password immediately,
and ensure that two-factor authentication is turned on his account.

He can go to this link: https://myaccount.google.com/security [Stupid assistant ignored the correct way to chg pass]
to do both. It is absolutely imperative that this is done ASAP.

If you or he has any questions, please reach out to me at [phone number[

On Sat, Mar 19, 2016 at 9:29 AM, Sara Latham
wrote:

> Sent from my iPhone
>
> Begin forwarded message:
>
[Forwarded Phishing Email from Delavan here]
> *From:* Google
> *Date:* March 19, 2016 at 4:34:30 AM EDT
> *To:* john.podesta@gmail.com
> *Subject:* *Someone has your passwrd*
>
> Someone has your passwrd
> Hi John
>
> Someone just used your password to try to sign in to your Google Account
> john.podesta@gmail.com.
>
> Details:
> Saturday, 19 March, 8:34:30 UTC
> IP Address: 134.249.139.239
> Location: Ukraine
>
> Google stopped this sign-in attempt. You should change your password
> immediately.
>
> CHANGE PASSWORD
>
> Best,
> The Gmail Team
> You received this mandatory email service announcement to update you about
> important changes to your Google product or account.
>
--
-Charles Delavan
HFA Help Desk

The HFA Operations Team is here to support you. Let us know how we’re doing
by filling out a brief survey .

So the help desk actually provided the correct URL to change the password, but the assistant went on click the phishing bit.ly link. Funnily enough, the HelpDesk monkey's sig contains a link to a survey using A BIT.LY LINK! LOL>

Re:text of email

[quenda]

Not a very sophisticated phishing attack. I can't imagine an automated system saying "Someone has your password".
Rather it would warn more like "We've detected suspicious activity in your account," and advise user to check it was OK.

However, google security emails really are addressed "Hi " and signed "Best", so who knows??

I'd expect the KGB version to be more polished.

Re:text of email

[Xylantiel]

Given the nature of the hack, it seems like if Podesta had just enabled two-factor like he was told, the typo wouldn't have mattered and even giving the hackers his password wouldn't have mattered. The IT guy says right there that two-factor should be enabled as soon as possible, and even implies that it already should have been. Actually this level of person not using two-factor is just madness. And how does the first part of the email even make sense? Why would he use mfisher's two-step verification codes?

Re:text of email

[Swave+An+deBwoner]

Thanks for posting this. It appears that the email sent by Charles Delavan in fact said that the email (purportedly from Google Gmail) was legitimate and that therefore Podesta should change his password.

It looks like Delavan is trying to wiggle out of that mistake now by claiming that he meant illegitimate; however Delavan's stated conclusion that Podesta should immediately change his password in response to that "illegitimate" email shows otherwise.

Re:text of email

[jandrese]

Why does the DNC handle email like my retirement age parents? Do they not have any young people working for them who know how email works these days?

Re:text of email

[tomhath]

Three are two things in the response that caused the aide's confusion.

This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account.

He can go to this link:...

Aside from the legitimate/illegitimate error, the advice that "He can go to this link:" is ill advised, especially when the link he provided is probably similar to the phishing link.

Idiot

[byteherder]

You mean he didn't check the url where he was giving his new password, he didn't log into Google directly, he didn't to make sure that the email was really sent from someone at Google.
He blindly clicked on a link in an email and gave up his password.

And this proves that Russia hacked is account.

All this proves is that John Podesta is an idiot.

Re:Idiot

All this proves is that John Podesta is an idiot.

The fact that he's a democrat proves he's an idiot.

Re:Idiot

[Tablizer]

I accidentally made a similar mistake myself recently. I got a notice that I'm being billed for a song which I didn't order from a tunes site.

Under the sheer emotion of being mis-billed, I clicked the "Cancel" link given by the email itself. Fortunately my anti-malware software caught it before I tried to login. The habit of just clicking sometimes jumps ahead of reason. We're human.

Re:Idiot

>The fact that both DNC and RNC were hacked, but only the choicest bits of embarassing stuff from the DNC hacks were leaks, strongly suggest Russian involvement with the intent of benefiting Trump in the general.

Except the Chairman of the Republican National Committee, Reince Priebus, said the RNC was not hacked.

“The RNC was absolutely not hacked,” Priebus said.

“Well, it’s really simple,” he added, when asked to explain the report. “Because when the DNC was hacked, we called the FBI and they came in to help us. And they came in to review what we were doing and went through our systems, went through every single thing that we did.”

“I don’t know of any employees, on any of their own Gmail accounts, that was hacked,” he continued. “So what I’m trying to tell you is the RNC was not hacked, number one.”

Keep trying!

I blame Russia

[ooloorie]

Delavan told The New York Times he had intended to type "illegitimate," a typo he still has not forgiven himself for making. The email was a phishing scam that ultimately revealed Podesta's password to hackers. Soon after, WikiLeaks began releasing 10 years of his emails.

The Russian psychic warfare department strikes again! We really need to stop those evil Russians meddling with our democracy! Who knows in what other nefarious ways they use their psychic superpowers!

Re:Proof!

[unixisc]

If a typo led to Podesta's email hack, what would have revealed Abedin's emails to the feds while they were searching Wiener's?

Curious alignment of the discussion for /.

[Swave+An+deBwoner]

I find it curious that so many of the folks posting here are confusing the act of someone clicking on a phishing link as proof positive that -- contrary to US intelligence agencies reporting -- the illegal access to Podesta's email account was not in fact the result of a Russian operation.

Normally the slashdot folks are smart. What happened here?

Re:Curious alignment of the discussion for /.

[Swave+An+deBwoner]

US Intelligence didn't, Bush & Cheney did:

http://www.salon.com/2015/05/20/george_w_bushs_cia_briefer_admits_iraq_wmd_intelligence_was_a_lie/

Re:Curious alignment of the discussion for /.

[ooloorie]

the illegal access to Podesta's email account was not in fact the result of [Russian intelligence]

Well, it was certainly not the result of US intelligence!

What the release of the Clinton E-mails shows is that (1) the people around Hillary Clinton were incompetent when it came to E-mail security, and (2) Hillary Clinton and the DNC had a lot of dirty laundry.

Who actually released those E-mails hardly matters. Obviously, it was someone who wanted to hurt Hillary. So what? That's how adversarial systems work. I don't really care whether it was the Russians, Assange, or the Saudis, except perhaps to thank them for their efforts.

Re:Curious alignment of the discussion for /.

[ooloorie]

US Intelligence didn't, Bush & Cheney did

Well, that logically also means either Hillary Clinton lied about Iraq herself, or that she was derelict in her duty to inform herself, or it means the CIA lied to Hillary Clinton, doesn't it?

Re:Curious alignment of the discussion for /.

[Swave+An+deBwoner]

Clinton has repeatedly and clearly stated that she made a mistake on Iraq. I'm not sure what you're trying to prove here but I think it's off-topic anyway.

Re:Curious alignment of the discussion for /.

Jeezus, Salon is shit. Couldn't you find something a little less propagandistic?

https://fas.org/irp/cia/product/iraq-wmd.html

Key Judgments [from October 2002 NIE]

Iraq's Continuing Programs for Weapons of Mass Destruction

We judge that Iraq has continued its weapons of mass destruction (WMD) programs in defiance of UN resolutions and restrictions. Baghdad has chemical and biological weapons as well as missiles with ranges in excess of UN restrictions; if left unchecked, it probably will have a nuclear weapon during this decade. (See INR alternative view at the end of these Key Judgments.)

(U) Confidence Levels for Selected Key Judgments in This Estimate
~ High Confidence:
  Iraq is continuing. and in some areas expanding, its chemical, biological, nuclear and missile
programs contrary to UN resolutions.
  We are not detecting portions of these weapons programs.
  Iraq possesses proscribed chemical and biological weapons and missiles.
  Iraq could make a nuclear weapon in months to a year once it acquires sufficient weaponsgrade
tissile material.
~ Moderate Confidence:
  Iraq does not yet have a nuclear weapon or sufficient material to make one but is likely to
have a weapon by 2007 to 2009. (See INR alternative view, page 84).
lSttN£1 Low Confidence:
  When Saddam would use weapons of mass destruction.
  Whether Saddam would engage in clandestine attacks against the US Homeland.
  Whether in desperation Saddam would share chemical or biological weapons with ai-Qa'ida.

The Bush Administration oversold the "eminent' threat, but they didn't make shit up about what the CIA put in the NIE about the so-called WMD's.

Re:Curious alignment of the discussion for /.

[ooloorie]

The point is that if you take the position that the intelligence community was truthful on Iraq and the only people who lied were Bush and Cheney, then Clinton's vote wasn't just "a mistake", it was a deliberate and callous choice.

In any case, what actually happened is slightly more complex. The intelligence report came in two versions, one classified, one unclassified. The unclassified report was misrepresenting the situation, and that's all Hillary ever bothered to read. That means that Trump is justified in distrusting intelligence reports and Clinton showed a callous disregard for American lives by not doing her homework on such an important issue. That is, both the intelligence community and Hillary come out of the Iraq vote like a basket of deplorables, and "I made a mistake" doesn't cut it.

http://www.theatlantic.com/int...

Re:Proof! [that liberals are stupid]

[Tablizer]

If you have direct evidence that on average progressives make such mistakes more than conservatives, I'll give you kudo points. Otherwise, stick it up your troll-hole using repetitive and intense motion.

and yet...

[argStyopa]

...we continue to talk about the HACK and who did it, not what the emails showed.

Re:and yet...

[dbIII]

...we continue to talk about the HACK and who did it, not what the emails showed.

That's been done everywhere else, so why nor talk about the hack on a tech site and the politics on a political site?
How about this suggestion - link to a one of the many places discussing what the emails showed.

Re:and yet...

[argStyopa]

That doesn't really make sense as a comparison?
Watergate break ins were not really about the documents, but about the planting of listening devices, or the replacement of broken ones.

They planned to photograph some campaign docs, but I'd guess that these were of value only in the short-term context of the campaign and not really otherwise interesting.

How does that IT guy get work done?

[CanadianMacFan]

Really, if he's going to be changing the password after receiving every phishing scheme message there isn't going to be much time left for actually doing work.

All that he had to do was reply, "It's a scam to try and get you to enter your password on a bad guy's website. Delete the email and forget about it." Then write up a message that provides a few more details to be distributed to everyone that basically says the same thing because if one person asks you know that more than one person has that question.

Damn autocorrect!

[skids]

General pactice when someoe is being tageted is t asume other attaks fromm other vectors are in pogress som of which may be crack-basd.

I can titaly see this happening what wit today's autocorect, IT people not bein traned in gramar and always rushin, an the godamn suck ass chiclet keybords in us today.

Re:Damn autocorrect!

[budgenator]

General pactice when someoe is being tageted is t asume other attaks fromm other vectors are in pogress som of which may be crack-basd.

I can titaly see this happening what wit today's autocorect, IT people not bein traned in gramar and always rushin, an the godamn suck ass chiclet keybords in us today.

So he should what change his password to "aaaAAA1!" or "Qwerty123!" because they most likely already tried these?
OBTW Dude get a new keyboard, that shit is making my eyes bleed!

Re:Damn autocorrect!

[skids]

Dude get a new keyboard, that shit is making my eyes bleed!

These days, getting a "new" keyboard just seems to make the problem worse. Finding an *old* keyboard makes them disappear entirely. Go figure.

Re:Damn autocorrect!

[budgenator]

True, I almost cried when the keyboard from my 12MHz AT computer finally died; they just don't make them anymore. the Happy Hacking Professional 2 might be a reasonable quality, but it priced $225.00.

Re:Damn autocorrect!

[Agripa]

Dude get a new keyboard, that shit is making my eyes bleed!

These days, getting a "new" keyboard just seems to make the problem worse. Finding an *old* keyboard makes them disappear entirely. Go figure.

This reminds me of a minor plot point in Vernor Vinge's Rainbows End where one of the characters bearing a resemblance to Richard Stallman unlawfully maintains old but secure computing hardware.

Re:Proof!

[Cmdln+Daco]

Weiner was being investigated for a new instance of child molesting (an underaged post-pubescent young woman, but we get weird about that stuff) and the Weiner household apparently was sharing machines and a bunch of Abedin's email was on one of the machine seized. It's really appalling that those emails were being tossed around so recklessly by various parties involved.

These people mocked McCain over computers...

[mi]

Eight years ago these people mocked McCain as "out of touch" for his reluctance to use a computer...

Turns out, they need two layers of aides themselves to be able to tell an e-mail scam... Hypocrite scum.

Re:These people mocked McCain over computers...

[Trailer+Trash]

Eight years ago these people mocked McCain as "out of touch" for his reluctance to use a computer...

Turns out, they need two layers of aides themselves to be able to tell an e-mail scam... Hypocrite scum.

Right. And then I'm supposed to believe that the well-written "answers" from "Hillary Clinton" on Quora are really from Hillary herself - someone who demonstrably is baffled by a fax machine.

Re:These people mocked McCain over computers...

[Raenex]

Right. And then I'm supposed to believe that the well-written "answers" from "Hillary Clinton" on Quora are really from Hillary herself - someone who demonstrably is baffled by a fax machine.

There's also an email from Hillary asking an aide to find out what time a show was on TV. These people are like Mr. Burns, living in a bubble surrounded by aides who do everything for them. In all the email leaks I've seen, I have yet to see a single email from Hillary of any substance.

Now granted, she was good at prepping for debates and parroting talking points. But that's as far as it went.

Lesson 1 - use small words to PolSci types

[dbIII]

I've had the misfortune of having to deal with a few of these types that went to college to play politics and never grew up.
They like to call it "Political Science", but as valid a study as it is the "science" bit just doesn't cut it. When a manager has come in via a political track it is important to use small words instead of communicating as if they had studied science, engineering or literature. People who have not been to college at all usually make up the slack, but on the political track they are overconfident and don't bother to fill in the gaps.
So dumb it down, check it over, then dumb it down a second time. Use words like "scam" instead of illegitimate. If utter stupidity lies in one direction do not be afraid of using outright profanity to point it out.

Re: Proof!

[kenh]

The most reasonable answer as to why so many Huma work emails were on a forgotten laptop is because she set her laptop to download work emails and store them instead of simply using it to access a webmail portal on the server...

Clear Language

[n3r0.m4dski11z]

Exactly. Having done this for a few years, CLEAR LANGUAGE is very important. There are english courses dedicated to that concept, but its pretty simple to grasp.

"Yes, that's probably a virus. Delete it."

While not exactly technically accurate, leaves absolutely no ambiguity. You would never tell the user to change their password, because obviously, they are being told that already by a third party so you telling them that would be an explicit validation of the problem and cause them to immediately act on it.

That he says a typo is to blame is icing on the cake really. Like someone who went over reading bad correspondences they made and desperately searching for any reason that it is not their fault.

Language of course, can only help if your direction is sound. And with that many screw ups in a tiny email, it was clearly not. This guy does seem like a bad admin at this point and perhaps, clueless. lor knows there are plenty of them

I've become way too paranoid

[No+Longer+an+AC]

I got a letter (actual paper sent via USPS) telling me that a healthcare provider suffered a data breach and my personal information has been stolen from them.

It tells me to go to a website to get a year of free credit monitoring and enter a customer number they have assigned me. I've never heard of this website. Warning bells go off, but as long as I only enter the customer number they assigned me what harm can it do? It seems legit. I really did use that healthcare provider. (So did thousands if not millions of other Americans who live near me). Google searches don't show any indication that it's a scam, but I shouldn't rely on that alone, should I?

And when I enter my customer ID number, it pulls up a form with my name and address already filled in (how else would they snail-mail me if they didn't know that) and it asks me to fill in my Social Security Number.

I actually think it's legitimate, but I'm not going to enter my SSN into some website just because someone sent me a physical letter instead of an e-mail, especially some website I never heard of.

10 years ago, I used weak passwords and often used the same password on different sites. Now I don't. There's no reason anyone in Podesta's position should be even more paranoid and careful. Did I go to g00gle.com or google.com?

Oddly enough, a few weeks ago I mis-dialed a bank and got a telesquatting number. If they had used a reasonably believable voice mail system I would have been fooled. Instead of the usual system I get when I call that bank I got a bunch of scatter-shot ads offering to save me money on everything from insurance to mobile phone service. If they had only asked for my banking credentials mimicking the bank's system I might have fallen for it.

I let the bank know. I don't think they care much.

Re:I've become way too paranoid

[Mateorabi]

My CC credit union outsources its fraud investigation. So I get a cold call from a company I don't recognize, asking me to confirm my identity and CC info, from a phone number that isn't on the back of the CC, in order to confirm some activity. I hang up, call my credit union from the # on the card, and they confirm that the company was legit and give me the number to call back. Turns out the original call was real. The last thing I say to them is that they are conditioning their customers to respond to cold-calls claiming to be a fraud department--not wise for an actual fraud prevention company.

Re:I've become way too paranoid

[jandrese]

Frankly if a badguy has gone to the trouble to snail mail you they could have gotten your SSN way easier and faster with a bit of detective work. The fact that the site asked for you SSN so it can do credit monitoring makes sense too. I'd rate the chance that it was a phishing operation pretty low. If the site started asking you for your gmail passwords or bank logins that would be a red flag, but just the SSN isn't outside of what you would expect.

And if you were feeling extra paranoid you could call your bank and ask if they contracted out with that company for their 1 year of mostly useless credit monitoring. There probably isn't much your bank can do about a recording system on a number they don't own that doesn't even attempt to mimic their system. All phone numbers are just a few digits off from many other phone numbers. What are they going to do, buy up huge swaths of numbers just in case someone does something that almost never happens in real life? It's not even that great of an attack anymore since most people have cell phones that can hold millions of addresses and don't need to manually type numbers for common services anymore.

Re:I've become way too paranoid

[No+Longer+an+AC]

Obviously if they're offering legit credit protection they'll need an SSN, but presumably they already have it because I did cough up that information when I sought health care.

Assuming they're legit and I am inclined to agree they probably are, they're just using this to confirm that I am who I say I am.

But how else would anyone know my unique Customer ID Number unless the snail-mail was intercepted or someone had hacked into their system? And what good would it do an identity thief to enroll me into a year of credit monitoring?

Re:I've become way too paranoid

[stdarg]

I let the bank know. I don't think they care much.

They don't care at all. I had a bank email me financial info for one of their customers. Funnily enough, the email was very proud of how much they value security, so it made a note that the attached pdf was encrypted.. and oh here's the password for it right here in the email.

I emailed them back and said they had the wrong email address for their customer. They thanked me. Then emailed the same document to me again.

Keep at it with enough attacks

[rsilvergun]

and you're bound to get one through. Weight of fire. And it's easy when you've got (Russian) pros firing the Ammo non-stop every day.

We knew this weeks ago...

[Xenographic]

It's amazing how they didn't manage to link to any of the actual emails or other original sources on this. No, I don't want to read your other 10 related articles on the subject, I'd like to see the damned emails in question, please.

I covered this exact story quite thoroughly just the other day, not to mention several other comments which you can find if you go back further, wherein I covered the DKIM signatures, stats on the bit.ly link to the phishing page, etc. which all proved this to be real.

We figured this out many weeks ago, they're really behind the times on this one. Anyone who read /r/wikileaks could have told you about this a long time ago.

Why ?

[Archfeld]

Why would you use an email link to change your password anyways, given the possibility of a faked or hijacked domain ? You should obviously go to the source and perform admin functions though the official tools and channels provided by that source even if someone vetted the email for you.

Sony, just... Sony

[hackwrench]

Sony wants you to click on links in emails to change your password. They sent me one several times. When I finally needed to do something with the account, I went on their site and they sent me an email. not with a code to enter, like Steam does sometimes for additional authentication, but a link.

Hamming distance

[gr8dude]

Next time express contrasting ideas with words that have a greater Hamming distance; otherwise this is a recipe for a disaster.

Lesson: Never work for Hillary.

[sabbede]

Why? Because you're going to take the fall for her or her people's fuckups. IT department at State - fucked over by Hillary when she wouldn't file paperwork to get her personal email whitelisted. End result - State's email got hacked. Her people managing her personal email server? Facing Congress and the FBI for following her orders and destroying the server. Now this.

Hillary: Screwing over IT departments since 2008.

https://en.wikipedia.org/wiki/For_Want_of_a_Nail

https://en.wikipedia.org/wiki/For_Want_of_a_Nail

Re:Proof!

[unixisc]

But that's the weird thing. When I got my first Windows XP computer, I discovered the login, and my wife then suggested that we have different login accounts, and liked that feature. It wasn't there in Windows 95 or 98, but since XP merged both the win32 codebases, it ended up having it.

So even if they shared the computer, Huma could have had a separate login. Assuming that they used an email client like Outlook, I'll guess that it would have had both his and her email accounts. So while browsing his emails, they'd have stumbled across hers, and thereby ended up re-investigating her.

HRC, all her other blunders notwithstanding, can thank this couple for snatching the election from her, and get them a one way ticket to Mecca

Oh, say it isn't so...

[U8MyData]

How does this surprise me. Humm, socialist leaning, ignorant, dumb, ID10T, whining little man. So sorry you were hacked by your own, and by extension, an absent, overworked, and equally ID10T IT folks. Unreal, really... We have been sitting on internet related security for over a decade and they, being the entitled, still feel like they can just ignore everything. And they know best, right?

how does this taint the election?

[micahraleigh]

I don't see how the election is tainted because the losing side did a loser thing with their own email account.

Mule Fritters!

[p51d007]

Ok, so now we are to believe, the email was hacked due to a typo? If that is the case, then WHY did this clown put "YOU NEED TO CHANGE YOUR PASSWORD"? If it was suppose to be "IL"legitimate, why would you tell him to change his password? Short answer...he SCREWED UP and these clowns got hacked, because some boob thought a scam email, was a legit email. hahhahahhahahhahha

ORLY? That mostly tells us about YOUR ethics.

[Ungrounded+Lightning]

The emails revealed nothing special, just stuff everyone does, Trump's campaign too.

Hiring people to pretend to be supporters of the other side and disrupt public events by initiating felonious physical attacks on other people?

1) Please show evidence that Trump's operation EVER did this.

2) Since when is "Everybody else does it too!" a defence for committing a felony? (There are a LOT of criminals who would like that to work in court.)

Sorry, mrclevesque, but statements like that say more about your own ethics than they do about those of people who either did not do, or at least did not get caught doing, the actual crimes the people you're defending DID get CAUGHT doing.

I guess that e-mail was from Putin?

[Mondor]

I thought that all 3-letter agencies were absolutely sure that Russians were behind this and other state-of-the-art hacks. And now it turns out there was a basic phishing and illiterate politician. Do they owe Putin a pint for the trouble, or it's OK?

Re:I guess that e-mail was from Putin?

[ebvwfbw]

Libtards for you. Anything but the truth.
Thanks God for that idiot aide. He showed us just what scumbags the Dems are. Not that this matters at all to those that call themselves democrats. They just justify it all away. Those that are still in the party that is. They had to hire a bunch of people to go to their convention. The party is about to implode from the crazy left.

Re:Proof! [that liberals are stupid]

[micahraleigh]

There are studies showing people who smoke marijuana or look at porn have smaller brains.

Re:Proof! [that liberals are stupid]

[Tablizer]

Repubs do it also, but in the closet.

Re:ORLY? That mostly tells us about YOUR ethics.

[mrclevesque]

"Hiring people to pretend to be supporters of the other side and disrupt public events by initiating felonious physical attacks on other people? 1) Please show evidence that Trump's operation EVER did this"

I'm not going to believe you automatically, please show me evidence for your claim

Re:ORLY? That mostly tells us about YOUR ethics.

[Ungrounded+Lightning]

I'm not going to believe you automatically, please show me evidence for your claim.

Go to youtube and search for "project veritas" (I through III or so) for hidden camera videos of the operatives explaining what they did. (The Clinton campaign fired them immediately after this came out, of course.)

There's corroboration in the WikiLeaks data dumps, but that takes more digging.

There was lots of news coverage on it. (But not much in the mainstream media, of course. B-) )

Re:ORLY? That mostly tells us about YOUR ethics.

[Ungrounded+Lightning]

(My reply ended up as a peer rather than a child, so I'm repeating it...)

I'm not going to believe you automatically, please show me evidence for your claim.

Go to youtube and search for "project veritas" (I through III or so) for hidden camera videos of the operatives explaining what they did. (The Clinton campaign fired them immediately after this came out, of course.)

There's corroboration in the WikiLeaks data dumps, but that takes more digging.

There was lots of news coverage on it. (But not much in the mainstream media, of course. B-) )

Re:ORLY? That mostly tells us about YOUR ethics.

[mrclevesque]

Like I said the emails revealed nothing special, just stuff everyone does, Trump's campaign too.

On the youtube video montage, it shows people boasting about their unethical campaign tactics, again nothing special, unethical tactics aren't new and aren't limited to the democratic party.

I mean none of this is surprising, sure it would be better if business people, politicians and their supporters were more ethical, transparent, and legally above board in their dealings.

No secure email

[cwsumner]

There is no such thing as secure email. Every message is present on every server in the internet chain. Anyone with access to any net server, can set up scans of them as desired.

And these people wanted the keys to the "nukes" ! Gack! 8-P

Re:Proof! [that liberals are stupid]

[cwsumner]

If you have direct evidence that on average progressives make such mistakes more than conservatives, I'll give you kudo points. ...

Maybe we should say: Politician and Lawyers make such mistakes more than Human beings... ?

Re:Proof! [that liberals are stupid]

[Tablizer]

Booya!

http://www.businessinsider.com...