Slashdot Mirror


A Typo Led To Podesta's Email Hack, Says Report (thehill.com)

tomhath quotes a report from The Hill: Last March, Podesta received an email purportedly from Google saying hackers had tried to infiltrate his Gmail account. When an aide emailed the campaign's IT staff to ask if the notice was real, Clinton campaign aide Charles Delavan replied that it was "a legitimate email" and that Podesta should "change his password immediately." Instead of telling the aide that the email was a threat and that a good response would be to change his password directly through Google's website, he had inadvertently told the aide to click on the fraudulent email and give the attackers access to the account. Delavan told The New York Times he had intended to type "illegitimate," a typo he still has not forgiven himself for making. The email was a phishing scam that ultimately revealed Podesta's password to hackers. Soon after, WikiLeaks began releasing 10 years of his emails.


  1. Article disagreement by suso · · Score: 5, Insightful

    Clinton campaign aide Charles Delavan replied that it was "a legitimate email"............he had intended to type "illegitimate,"

    If that's true, shouldn't they have used "an" instead of "a". These are college graduates after all, right?

    1. Re:Article disagreement by Anonymous Coward · · Score: 2, Interesting

      Who talks like that anyway? I would say something like "this is a scam, don't listen" or "this is fake"

    2. Re:Article disagreement by sexconker · · Score: 4, Funny

      Yup. This is just CYA bullshit designed to make them look less incompetent. We're all made typos, right?

      It coudl happent o anyone!

    3. Re:Article disagreement by Ungrounded+Lightning · · Score: 3, Insightful

      Clinton campaign aide Charles Delavan replied that it was "a legitimate email"............he had intended to type "illegitimate,"

      If that's true, shouldn't they have used "an" instead of "a". These are college graduates after all, right?

      Depends on the layer of his mind where the mistake was made. If it is above the abstraction layer of the grammar processing for emitting the typo, he would emit a grammatical but erroneous-in-multiple-words statement.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    4. Re:Article disagreement by Anonymous Coward · · Score: 2, Insightful

      Legitimate or not, the huge thing that everyone should know is [b]never[/b] to use an email to log into an account.

    5. Re:Article disagreement by suso · · Score: 3, Funny

      We're all made typos, right?

      Don't you mean "we've"?

    6. Re: Article disagreement by saloomy · · Score: 3, Interesting

      Some people who are professionals or trying to appear that way for position in a future administration may talk that way. Maybe an autocorrect changed "an legitimate email" to "a legitimate email". That being said, I'm still glad we had access to this information as voters. It led us to a more informed decision vs. just a "public position" to go off of.

    7. Re:Article disagreement by whoever57 · · Score: 5, Insightful

      What about the second part, where he told him to change his password? There isn't a single letter typo that can reverse the meaning, plus, if there is no action, then "immediately" is completely redundant.

      No, this is a poor cover story from someone who fucked up massively.

      --
      The real "Libtards" are the Libertarians!
    8. Re:Article disagreement by ShanghaiBill · · Score: 5, Insightful

      This is just CYA bullshit designed to make them look less incompetent.

      I am confused. Up till now, I thought they were the victims of sophisticated Russian ex-KGB agents using quantum cryptanalysis. But it turns out they fell for a common phishing scam written by some script kiddie. How does this make them look less incompetent?

    9. Re:Article disagreement by Swave+An+deBwoner · · Score: 3, Funny

      Russian to English translation is not easy. Please give dispensation.

    10. Re:Article disagreement by Solandri · · Score: 3, Informative

      To me, "illegitimate" is one of those words which seems to be semi-archaic in modern English. To my ears, it sounds right to use it only in certain legal contexts. e.g. An illegitimate search, an illegitimate child, etc. In the context of a phishing email, I would simply say "that's not a legitimate email." And that's rather easy to corrupt into "that's a legitimate email" if you're thinking 5 words ahead of your typing.

      Of course I proofread my emails before hitting send to avoid these problems. And Delavan claiming he meant "illegitimate" rather than "not legitimate" decreases the possibility that this explanation is correct. Just wondering what native English speakers think. Despite living here 45 years and English being my best language, it isn't my native language and some of the intricacies still elude me.

    11. Re:Article disagreement by Cmdln+Daco · · Score: 2

      The technical term for that is that it was a 'brain fart'. Brain farts can happen to anybody. As evidenced here, when a brain fart happens you can even re-correct the words around the 'typo' as in using 'a' instead of 'an.' The takeaway is that it was ordinary low-level phishing that cracked Podesta's account. The Clinton team wasn't even invulnerable to plain vanilla phishing. Is Podesta even in any kind of position now where his computer illiteracy could get him in trouble again? The team he was on lost, and he's very tied to the fortunes of Ms. Clinton and probably won't be the head of anybody's campaign again.

    12. Re:Article disagreement by rtb61 · · Score: 4, Insightful

      Of course the other big woosh in this is the excuse. We have all made mistakes but I never remember adding extra letters and reversing the definition. Of course normal response in IT circles when phishing email is questioned, is fuck no, do not touch it, I will be right there to check it, this because phishing attacks are normally picked up by filters and any suspect ones that get through become an immediate concern because they represent a greater threat. Of course if you set up your insecure email server in a bathroom with intent to destroy all records if you do not have time to edit out the ones you do not want, meh who gives a fuck, arrogant criminals in government who can completely distort the application of justice as far as their criminally corrupt arse is concerned, well, security that's a problem for the plebs. You just know some extremely bad file attachments will leak out and that's what all the real fuss is about, you could imagine splashed all over Russian media and they after some time censored versions on grudgingly put on western media. When they start to arrogantly ignoring network security, they always go nuts become idiots and starting pushing the limits, no matter where they work government or private, right up until they are brought crashing down to earth. Nobody tolerates fuck ups in the end and they readily toss them out as sacrifices to the appearance of justice.

      --
      Chaos - everything, everywhere, everywhen
    13. Re: Article disagreement by kenh · · Score: 4, Informative

      Wow, Democrats keep using that word 'transparent' - I do not think it means what you think it does.

      'Transparent' does not mean - take years to respond to FOIA requests.

      'Transparent' does not mean - turning over hand-picked work emails two years after leaving office.

      'Transparent' does not mean - anything embarrassing can be kept private due to 'executive privilege.'

      'Transparent' does not mean - crying like a stuck pig because your embarrassing emails were made public against your will.

      --
      Ken
    14. Re: Article disagreement by kenh · · Score: 3, Interesting

      But it turns out they fell for a common phishing scam written by some script kiddie. How does this make them look less incompetent?

      Podesta used G-fucking-mail... HRC used a homebrew server for convenience... The DNC ran an UN patched Exchange server on Windows... I believe these are textbook definitions for incompetence!

      --
      Ken
    15. Re:Article disagreement by msauve · · Score: 2

      If that's true, shouldn't they have used "an" instead of "a".

      Shhh. You're disturbing the narrative. How can they be expected to place blame on others, if they have to accept personal responsibility? It was Comey's fault, anyway. Or maybe the Russkie's. Someone other than them, anyway.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    16. Re: Article disagreement by I'm+New+Around+Here · · Score: 2

      You can get someone's tax returns through FOIA requests now? I didn't know that.

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    17. Re:Article disagreement by Cmdln+Daco · · Score: 2

      Probably what he should have done in the reply is not include the body of the message being discussed as part of the response, including the fraudulent link to change the email. There was no reason for him to have chained the response along containing any of that information and the phishing link to click on.

    18. Re: Article disagreement by Xenographic · · Score: 4, Interesting

      They leaked some old ones, actually: http://www.nytimes.com/2016/10/02/us/politics/donald-trump-taxes.html?_r=0

      As for this story, it makes no sense. The email in question is here and for some reason, I was unable to find any links to it in either article. As an aside, why do media outlets fail so badly at citing sources like this? It should be utterly basic journalism, but the major papers routinely fail to do this very basic step and wonder why bloggers eat their lunch... This was first reported many weeks ago, they're severely behind the times on this. I mean, you know it's bad when you're scooped by Slashdot commenters.... sheesh!

      Back on topic, the relevant part of the response to the spear phishing email says this:

      This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account. He can go to this link: https://myaccount.google.com/s... to do both. It is absolutely imperative that this is done ASAP.

      If you or he has any questions, please reach out to me at [redacted]

      It's definitely an illegitimate email, but there's more wrong with the statement above than just typing "a legitimate email" instead of "an illegitimate email." Being illegitimate means they DON'T yet have his password, so there would be no reason to change it and no good reason to advise that! Two-factor authentication, however, is very reasonable.

      We know from the stats on the bit.ly link to the phishing page that Podesta didn't follow his instructions to go to https://myaccount.google.com/security though, and it's true that we can't hold Charles Delavan responsible for that part.

    19. Re:Article disagreement by dbIII · · Score: 2

      The email is either Gmail, or hosted Exchange

      This is slashdot, you should know better than to think those are the only choices.

      If getting your stuff in the newspaper is a catastrophe then expecting a third party and everything on the way to them to keep your secrets is just asking for trouble.

      BTW, the MS Exchange suite is very well named. The best thing to do with it is to exchange it for a different collection of software.

    20. Re: Article disagreement by RuffMasterD · · Score: 2

      Why don't you prove to us all how smart you are by telling us what is wrong with Gmail instead of anonymously insulting people?

      --
      Human Rights, Article 12: Freedom from Interference with Privacy, Family, Home and Correspondence
    21. Re:Article disagreement by AmiMoJo · · Score: 2

      This is the unfortunate reality of phishing and malware. The attack doesn't have to be very good, just persistent. Eventually someone will screw up, click the wrong thing, typo the response, and the bad guys are in.

      Time to hack = number of people in organization / quality of security

      Since "quality of security" can never be infinite, it's always just a matter of time.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. KGB by Anonymous Coward · · Score: 5, Funny

    That sounds like a really sophisticated Russian hacking effort! I'm glad the CIA is on it!

  3. Inflammable means Flammable? What a country! by jelwell · · Score: 4, Funny
  4. Lots of typos by DidgetMaster · · Score: 5, Funny

    Apparently, there were thousands of typos in the emails themselves. All those racial slurs. All those admissions of collusion with the press and super PACS. All those derogatory things the Clinton campaign was saying about Obama. All the campaign's dirty tricks. All the gaffes in Hillary's paid speeches....They were just all TYPOS!

    1. Re:Lots of typos by DerekLyons · · Score: 2

      That's the real shame here... the Left screaming and hollering about hackers, while trying to pretend the released information doesn't exist.

    2. Re: Lots of typos by kenh · · Score: 3, Interesting

      You can bet that the various Republican counterparts to Podesta have written much, much worse in their own email records;

      What a childish claim - why would the contents of RNC emails be 'much, much worse'? You could conclude that they likely have similar things in their emails.

      the only reason you don't know for sure is because it suits Russia's purpose to withhold that information from you for the time being.

      Or the RNC email server was secure?

      Or the RNC emails weren't as 'explosive'?

      Or the RNC simply wasn't targeted?

      Or any of a hundred other reasons...

      --
      Ken
  5. You don't need Russia or China by Crashmarik · · Score: 4, Informative

    To hack complete idiots.

  6. It's Podesta's fault too by voislav98 · · Score: 3, Funny

    Apparently he wasn't tipped off by the start of the email

    Comrade Podesta,

    Filthy imperialist pigs have hacked into you email. To change your password please click http://www.ussrlives.com/mail/

  7. Re:I call BS on the IT guy by JoeyRox · · Score: 2

    And furthermore, if the IT guy believed the email saying Podesta's account was hacked is illegitimate then why would he instruct Podesta to change his email password?

  8. text of email by Anonymous Coward · · Score: 5, Informative

    https://wikileaks.org/podesta-emails/emailid/36355

    [Edited to remove blank lines and phone numbers]

    Re: Someone has your passwrd

    From:mfisher@hillaryclinton.com
    To: slatham@hillaryclinton.com
    CC: john.podesta@gmail.com
    Date: 2016-03-19 12:14
    Subject: Re: Someone has your passwrd

    Hi- yes I will call John right away and work on new passwords. He will need
    to use my two step verification codes to sign in.

    Milia Fisher
    [phone number]

    On Mar 19, 2016, at 10:07 AM, Sara Latham
    wrote:

    The gmail one is REAL

    Milia, can you change - does JDP have the 2 step verification or do we need
    to do with him on the phone? Don't want to lock him out of his in box!

    Sent from my iPhone

    Begin forwarded message:

    *From:* Charles Delavan
    *Date:* March 19, 2016 at 9:54:05 AM EDT
    *To:* Sara Latham , Shane Hable
    *Subject:* *Re: Someone has your passwrd*

    Sara,

    This is a legitimate email. John needs to change his password immediately,
    and ensure that two-factor authentication is turned on his account.

    He can go to this link: https://myaccount.google.com/security [Stupid assistant ignored the correct way to chg pass]
    to do both. It is absolutely imperative that this is done ASAP.

    If you or he has any questions, please reach out to me at [phone number]

    On Sat, Mar 19, 2016 at 9:29 AM, Sara Latham
    wrote:

    > Sent from my iPhone
    >
    > Begin forwarded message:
    >
    [Forwarded Phishing Email from Delavan here]
    > *From:* Google
    > *Date:* March 19, 2016 at 4:34:30 AM EDT
    > *To:* john.podesta@gmail.com
    > *Subject:* *Someone has your passwrd*
    >
    > Someone has your passwrd
    > Hi John
    >
    > Someone just used your password to try to sign in to your Google Account
    > john.podesta@gmail.com.
    >
    > Details:
    > Saturday, 19 March, 8:34:30 UTC
    > IP Address: 134.249.139.239
    > Location: Ukraine
    >
    > Google stopped this sign-in attempt. You should change your password
    > immediately.
    >
    > CHANGE PASSWORD
    >
    > Best,
    > The Gmail Team
    > You received this mandatory email service announcement to update you about
    > important changes to your Google product or account.
    >
    --
    -Charles Delavan
    HFA Help Desk

    The HFA Operations Team is here to support you. Let us know how we’re doing
    by filling out a brief survey .

    So the help desk actually provided the correct URL to change the password, but the assistant went on to click the phishing bit.ly link. Funnily enough, the HelpDesk monkey's sig contains a link to a survey using A BIT.LY LINK! LOL

    1. Re:text of email by quenda · · Score: 2

      Not a very sophisticated phishing attack. I can't imagine an automated system saying "Someone has your password".
      Rather it would warn more like "We've detected suspicious activity in your account," and advise user to check it was OK.

      However, google security emails really are addressed "Hi " and signed "Best", so who knows??

      I'd expect the KGB version to be more polished.

    2. Re:text of email by Xylantiel · · Score: 2

      Given the nature of the hack, it seems like if Podesta had just enabled two-factor like he was told, the typo wouldn't have mattered and even giving the hackers his password wouldn't have mattered. The IT guy says right there that two-factor should be enabled as soon as possible, and even implies that it already should have been. Actually this level of person not using two-factor is just madness. And how does the first part of the email even make sense? Why would he use mfisher's two-step verification codes?

  9. Idiot by byteherder · · Score: 4, Insightful

    You mean he didn't check the url where he was giving his new password, he didn't log into Google directly, he didn't make sure that the email was really sent from someone at Google.
    He blindly clicked on a link in an email and gave up his password.

    And this proves that Russia hacked his account.

    All this proves is that John Podesta is an idiot.

    1. Re:Idiot by Anonymous Coward · · Score: 2, Interesting

      >The fact that both DNC and RNC were hacked, but only the choicest bits of embarrassing stuff from the DNC hacks were leaked, strongly suggest Russian involvement with the intent of benefiting Trump in the general.

      Except the Chairman of the Republican National Committee, Reince Priebus, said the RNC was not hacked.

      “The RNC was absolutely not hacked,” Priebus said.

      “Well, it’s really simple,” he added, when asked to explain the report. “Because when the DNC was hacked, we called the FBI and they came in to help us. And they came in to review what we were doing and went through our systems, went through every single thing that we did.”

      “I don’t know of any employees, on any of their own Gmail accounts, that was hacked,” he continued. “So what I’m trying to tell you is the RNC was not hacked, number one.”

      Keep trying!

  10. I blame Russia by ooloorie · · Score: 2

    Delavan told The New York Times he had intended to type "illegitimate," a typo he still has not forgiven himself for making. The email was a phishing scam that ultimately revealed Podesta's password to hackers. Soon after, WikiLeaks began releasing 10 years of his emails.

    The Russian psychic warfare department strikes again! We really need to stop those evil Russians meddling with our democracy! Who knows in what other nefarious ways they use their psychic superpowers!

  11. Re:I call BS on the IT guy by h33t+l4x0r · · Score: 2

    Who uses the word "illegitimate" to describe a phishing email?

    When you're talking to non-techies you do, if you said phishing email to Podesta he would start looking for his tackle box.

  12. Re:I call BS on the IT guy by Orgasmatron · · Score: 2

    I have never in my life referred to an email as "illegitimate". Not talking to bumpkins, not to construction workers, not to tradesmen, not to policemen, not to soldiers, not to doctors, not to lawyers, not to elected officials. Not to my employees, not to my bosses, not to CEOs, not to directors. Not to teenagers, not to millennials, not to adults, not to boomers, not to octogenarians.

    However, I use the phrases "That's spam, delete it." and "Fake, trash it." damn near every day.

    I haven't been around the world and seen everything, but I've seen a lot, and I've never met or heard of a group or demographic that would consider that phrasing normal.

    There are times when spinning a tall tale to cover your ego is appropriate, and times when it is not. There are also good lies and bad lies. This one was pretty bad, and at a time when he's got a sizable fraction of the world looking in his direction. A better lie, and one that every single IT professional and talented amateur in the world would have believed completely, would have been: "I'm sorry, I was about to check the headers and I got distracted by a phone call / person walking into my office. When I got back to it, I had lost my place and mistakenly thought that I had checked when I hadn't."

    --
    See that "Preview" button?
  13. and yet... by argStyopa · · Score: 4, Insightful

    ...we continue to talk about the HACK and who did it, not what the emails showed.

    --
    -Styopa
    1. Re:and yet... by dbIII · · Score: 2

      ...we continue to talk about the HACK and who did it, not what the emails showed.

      That's been done everywhere else, so why not talk about the hack on a tech site and the politics on a political site?
      How about this suggestion - link to one of the many places discussing what the emails showed.

  14. Damn autocorrect! by skids · · Score: 2

    General pactice when someoe is being tageted is t asume other attaks fromm other vectors are in pogress som of which may be crack-basd.

    I can titaly see this happening what wit today's autocorect, IT people not bein traned in gramar and always rushin, an the godamn suck ass chiclet keybords in us today.

  15. These people mocked McCain over computers... by mi · · Score: 4, Insightful

    Eight years ago these people mocked McCain as "out of touch" for his reluctance to use a computer...

    Turns out, they need two layers of aides themselves to be able to tell an e-mail scam... Hypocrite scum.

    --
    In Soviet Washington the swamp drains you.
  16. Clear Language by n3r0.m4dski11z · · Score: 2

    Exactly. Having done this for a few years, CLEAR LANGUAGE is very important. There are English courses dedicated to that concept, but it's pretty simple to grasp.

    "Yes, that's probably a virus. Delete it."

    While not exactly technically accurate, leaves absolutely no ambiguity. You would never tell the user to change their password, because obviously, they are being told that already by a third party so you telling them that would be an explicit validation of the problem and cause them to immediately act on it.

    That he says a typo is to blame is icing on the cake really. Like someone who went over reading bad correspondences they made and desperately searching for any reason that it is not their fault.

    Language of course, can only help if your direction is sound. And with that many screw ups in a tiny email, it was clearly not. This guy does seem like a bad admin at this point and perhaps, clueless. Lord knows there are plenty of them.

    --
    -