Slashdot Mirror


A Typo Led To Podesta's Email Hack, Says Report (thehill.com)

tomhath quotes a report from The Hill: Last March, Podesta received an email purportedly from Google saying hackers had tried to infiltrate his Gmail account. When an aide emailed the campaign's IT staff to ask if the notice was real, Clinton campaign aide Charles Delavan replied that it was "a legitimate email" and that Podesta should "change his password immediately." Instead of telling the aide that the email was a threat and that a good response would be to change his password directly through Google's website, he had inadvertently told the aide to click on the fraudulent email and give the attackers access to the account. Delavan told The New York Times he had intended to type "illegitimate," a typo he still has not forgiven himself for making. The email was a phishing scam that ultimately revealed Podesta's password to hackers. Soon after, WikiLeaks began releasing 10 years of his emails.

6 of 274 comments

  1. Article disagreement by suso · · Score: 5, Insightful

    Clinton campaign aide Charles Delavan replied that it was "a legitimate email"............he had intended to type "illegitimate,"

    If that's true, shouldn't they have used "an" instead of "a"? These are college graduates after all, right?

    1. Re:Article disagreement by whoever57 · · Score: 5, Insightful

      What about the second part, where he told him to change his password? There isn't a single letter typo that can reverse the meaning, plus, if there is no action, then "immediately" is completely redundant.

      No, this is a poor cover story from someone who fucked up massively.

      --
      The real "Libtards" are the Libertarians!
    2. Re:Article disagreement by ShanghaiBill · · Score: 5, Insightful

      This is just CYA bullshit designed to make them look less incompetent.

      I am confused. Up till now, I thought they were the victims of sophisticated Russian ex-KGB agents using quantum cryptanalysis. But it turns out they fell for a common phishing scam written by some script kiddie. How does this make them look less incompetent?

  2. KGB by Anonymous Coward · · Score: 5, Funny

    That sounds like a really sophisticated Russian hacking effort! I'm glad the CIA is on it!

  3. Lots of typos by DidgetMaster · · Score: 5, Funny

    Apparently, there were thousands of typos in the emails themselves. All those racial slurs. All those admissions of collusion with the press and super PACS. All those derogatory things the Clinton campaign was saying about Obama. All the campaign's dirty tricks. All the gaffes in Hillary's paid speeches....They were just all TYPOS!

  4. text of email by Anonymous Coward · · Score: 5, Informative

    https://wikileaks.org/podesta-emails/emailid/36355

    [Edited to remove blank lines and phone numbers]

    Re: Someone has your passwrd

    From: mfisher@hillaryclinton.com
    To: slatham@hillaryclinton.com
    CC: john.podesta@gmail.com
    Date: 2016-03-19 12:14
    Subject: Re: Someone has your passwrd

    Hi- yes I will call John right away and work on new passwords. He will need
    to use my two step verification codes to sign in.

    Milia Fisher
    [phone number]

    On Mar 19, 2016, at 10:07 AM, Sara Latham
    wrote:

    The gmail one is REAL

    Milia, can you change - does JDP have the 2 step verification or do we need
    to do with him on the phone? Don't want to lock him out of his in box!

    Sent from my iPhone

    Begin forwarded message:

    *From:* Charles Delavan
    *Date:* March 19, 2016 at 9:54:05 AM EDT
    *To:* Sara Latham , Shane Hable
    *Subject:* *Re: Someone has your passwrd*

    Sara,

    This is a legitimate email. John needs to change his password immediately,
    and ensure that two-factor authentication is turned on his account.

    He can go to this link: https://myaccount.google.com/security [Stupid assistant ignored the correct way to chg pass]
    to do both. It is absolutely imperative that this is done ASAP.

    If you or he has any questions, please reach out to me at [phone number]

    On Sat, Mar 19, 2016 at 9:29 AM, Sara Latham
    wrote:

    > Sent from my iPhone
    >
    > Begin forwarded message:
    >
    [Forwarded Phishing Email from Delavan here]
    > *From:* Google
    > *Date:* March 19, 2016 at 4:34:30 AM EDT
    > *To:* john.podesta@gmail.com
    > *Subject:* *Someone has your passwrd*
    >
    > Someone has your passwrd
    > Hi John
    >
    > Someone just used your password to try to sign in to your Google Account
    > john.podesta@gmail.com.
    >
    > Details:
    > Saturday, 19 March, 8:34:30 UTC
    > IP Address: 134.249.139.239
    > Location: Ukraine
    >
    > Google stopped this sign-in attempt. You should change your password
    > immediately.
    >
    > CHANGE PASSWORD
    >
    > Best,
    > The Gmail Team
    > You received this mandatory email service announcement to update you about
    > important changes to your Google product or account.
    >
    --
    -Charles Delavan
    HFA Help Desk

    The HFA Operations Team is here to support you. Let us know how we’re doing
    by filling out a brief survey.

    So the help desk actually provided the correct URL to change the password, but the assistant went on to click the phishing bit.ly link. Funnily enough, the HelpDesk monkey's sig contains a link to a survey using A BIT.LY LINK! LOL
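
Added example, not part of the original thread or of any campaign tooling: a link check a help desk could run over the HTML body of a forwarded "security alert" before answering, contrasting the help desk's https://myaccount.google.com/security URL with a shortened link behind a button. The shortener list, the sender-domain list, the function names and the sample body are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed for this example: a short shortener list and the domains the
# claimed sender (Google) would link to. Neither list is from the page.
SHORTENERS = {"bit.ly", "goo.gl", "t.co", "tinyurl.com"}
BRAND_DOMAINS = {"google.com"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def under(host, domains):
    # Exact match or true subdomain; "google.com.example.net" does not match.
    return any(host == d or host.endswith("." + d) for d in domains)

def triage_links(html_body):
    """Return (visible text, href, verdict) for each link in the alert."""
    collector = LinkCollector()
    collector.feed(html_body)
    results = []
    for href, text in collector.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            verdict = "reject: not https"
        elif under(host, SHORTENERS):
            verdict = "reject: shortener hides destination"
        elif not under(host, BRAND_DOMAINS):
            verdict = "reject: host outside sender's domain"
        else:
            verdict = "ok"
        results.append((text, href, verdict))
    return results

# Constructed sample body; the bit.ly path is a placeholder, not a real link.
SAMPLE = ('<a href="https://bit.ly/PLACEHOLDER">CHANGE PASSWORD</a>'
          '<a href="https://myaccount.google.com/security">Security</a>'
          '<a href="https://myaccount.google.com.example.net/x">Sign in</a>')
```

The verdict is computed from the href, never from the button text, so a "CHANGE PASSWORD" label cannot vouch for where the link goes.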