"This is a legitimate email, John needs to change his password immediately"
It turns out that one of the most high profile and public email hacks in political history started with a simple typo. An aide to John Podesta, Hillary Clinton’s campaign chair, saw an email supposedly from Google arrive in his inbox.
The email said Podesta needed to change his password immediately as someone else had it, and used it to log in. Of course most adult internet users know they should never believe emails like this, let alone click on any links within them. It’s fair to say that even the unsophisticated internet user has seen more devious scams than this simple one.
Podesta’s aide showed the email to another staffer who was a computer technician. The computer technician promptly replied, “this is a legitimate email, John needs to change his password immediately”. He didn’t write illegitimate, and instead wrote legitimate – dooming 10 years of Podesta’s privacy and delivering about 60,000 emails to the waiting hands of Russian hackers.
The aide, Charles Delavan, says the typing error has plagued him ever since. He knew it was a phishing attack, but without checking what he wrote caused quite the episode.
A huge distraction
The email hack was inevitably headline grabbing and all-round embarrassing for Clinton and her staff. Many revealing details about the campaign and how it was run came to light. It came right at the end of the presidential campaign and served as easy fodder for Republican attacks and caused many key Clinton campaign personnel to spend time putting out fires where there needn’t have been any.
It also came on the heels of an equally damaging, but separate, email hack on the Democratic National Committee.
Of course we did get to see Podesta’s risotto recipe, on the plus side.
Most consequential typo in human history?
— Sahil Kapur (@sahilkapur) December 13, 2016
Sahil is probably correct.
Of course some people are speculating that Delevan is just using typo as an excuse, rather than owning this gargantuan mistake. Quite possibly so. It seems odd that he would advise Podesta to change his password since the phishing email was obviously bogus. While it might be prudent advice to change your password regularly if you are handling such sensitive information on a Gmail account, clicking the email link does not seem like the obvious way to do it.
“John needs to change his password” is not what you say when you’re flagging a change-your-password phishing message. pic.twitter.com/ZJbBsemW3T
— Tom Scocca (@tomscocca) December 13, 2016