Democrats can shout “Russia hacked the election” until they’re blue in the face, but the fact remains that John Podesta wasn’t “hacked,” and neither was the Democratic National Committee.
Both Podesta and the DNC were duped into opening the front door to their email accounts by revealing their password information to attackers, which is a far cry from the forced penetration of their accounts suggested by the term “hack.” The simplicity of the attack doesn’t make the results less devastating, but it does something to deflate the notion that Russia pulled off some kind of wildly sophisticated and dangerous attack.
Here’s how the Podesta “hack” happened.
He received a spear phishing email designed to look like official communication from Google notifying him someone had tried to change his password. “Google stopped this sign-in attempt,” the email read. “You should change your password immediately.” The bottom of the email included a link labeled “Change Password” designed to fool the reader into giving away their password.
A Clinton campaign aide with access to Podesta’s account read the email and forwarded it to the IT aide, Charles Delevan, who mistakenly replied that the email was legitimate and instructed the aide to change his password. “This is a legitimate email,” Delevan wrote to the aide, Sara Latham, along with a link to a legitimate Google page to make the change. “John needs to change his password immediately.”
Latham then emailed another aide, Milia Fisher, and asked her to change the password. One of them then clicked on the phishing email link to make the change, which led them to a fake page and provided the attacker with Podesta’s password.
Delevan told The New York Times he is still haunted by the mistake that led to the release of tens of thousands of Podesta’s emails, and by some accounts, cost Democratic nominee Hillary Clinton the election. The campaign had been the target of dozens of similar phishing emails at the time, Delevan said, and he knew this email was one of them. He accidentally typed “legitimate” instead of “illegitimate,” a mistake he says has “plagued him.”
The DNC was hit by the same type of email, and in the same way gave attackers access to a trove of emails that led to the resignation of Rep. Debbie Wasserman Schultz as DNC chair. Neither attack was particularly complicated, in part because as it turns out a complicated attack wasn’t necessary to penetrate the accounts.
As the technology director at the DNC has acknowledged, the non-profit didn’t want to devote a lot of resources to cybersecurity, although he and his bosses were fully aware it would be a target for hackers. “There was never enough money to do everything we needed to do,” Andrew Brown told The New York Times regarding the decision that now appears so costly.
Russia didn’t hack into their accounts, and Russia didn’t hack into Podesta’s accounts, and Russia certainly didn’t “hack the election,” as so many media outlets are suggesting. Podesta and the DNC were simply duped.
Send tips to rachel@
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact [email protected].