Digital Security Test Shows Podesta Emails UNALTERED By WikiLeaks

(ABC/screen shot)

Daily Caller News Foundation logo
Luke Rosiak Investigative Reporter
Font Size:

A fourth of the nearly 23,000 emails hacked from Hillary Clinton campaign chairman John Podesta’s Gmail account and made public by WikiLeaks were verified by The Daily Caller News Foundation as authentic.

TheDCNF used a digital security test employed by email providers to determine whether messages have been tampered with or otherwise modified.

Passing the test means the email as posted by WikiLeaks is exactly the same as when it was sent. The test used by TheDCNF on all of the emails contained in WikiLeaks’ first 13 Podesta releases to date is the DomainKeys Identified Mail (DKIM) security measure.

Another fourth of the emails failed the test, which can mean they were altered, but can also occur for other reasons, most significantly that the server has changed its keys since the email was sent. About half of the failed Podesta messages were sent between 2007 and 2014.

Verifying with DKIM involves cross-referencing a key stored on the server that sent the email, so it can’t be forged. It is used by many popular email programs, including Gmail, but about half of the 23,000 messages came from programs that don’t use the security system, or didn’t at the time, and thus could not be assessed one way or the other.

The WikiLeaks Podesta emails have prompted a storm of controversy, beginning in August when it was revealed the Democratic National Committee, under its then-chairman Debbie Wasserman Schultz, was biased against the insurgent presidential campaign of Vermont Sen. Bernie Sanders. Wasserman Schultz was forced to resign the day before the Democratic National Convention nominated Clinton.

More recently, Donna Brazile, who succeeded Wasserman Schultz, claimed she was being “persecuted” when asked about a Podesta email describing her receiving a debate question in advance from CNN, which she then relayed to the Clinton campaign. In a recent interview with Fox News’s Megyn Kelly, Brazile claimed the email was “doctored.”

But the Brazile email was verified as authentic Friday by TheDCNF. Neither the Clinton campaign nor Brazile have since responded to TheDCNF’s requests for comment. TheDCNF also asked for any example of a WikiLeaks Podesta email the Clinton campaign believes is not authentic, so it can be DKIM tested.

There are many reasons why a particular email could fail the DKIM test. Even a single character being changed — in the email or as part of invisible formatting or in attachments — would make it fail. Filters designed to strip out viruses or otherwise massage emails for formatting purposes could do it. Failed messages were significantly more likely to have attachments than those that passed the test — DKIM checkers like the one used by TheDCNF are known to choke on attachments.

Intentional deception by WikiLeaks, of course, would cause the emails to fail. But many of the messages are things like ads from Foot Locker — unlikely vehicles for nefarious modification by Russian hackers.

In this case, perhaps the most likely cause is that the authentication code on the server that sent the emails has changed in the years since they were written.

To conduct the check, the verification asks for a “public key” from the sender’s email server and compares it to a code sent in the email. The code is a result of running an algorithm on the email’s text, so any modification to the text would create a different code, and therefore a mismatch. The algorithm uses a “private key” that is known only by the sending server.

Relying on a real-time check of the person’s server is what keeps hackers from being able to thwart the system. But at the same time, it means that if the server’s DKIM settings change, emails will no longer verify. For normal uses, that isn’t a problem since its main goal is to filter spam and scams at the time they are originally received.

As an explanation on tech website ServerFault puts it, “if you leave the selector unchanged while updating the RSA-key, than a side effect is that…. remote clients… that for whatever reasons want to check the DKIM-signature included in their old/archived e-mails, will fail the verification process (as the archived e-mail has been signed with a private-key whose public-one, the one published on the DNS, has been updated and now is different!).”

The existence of the DKIM poses difficulty for those scrambling for plausible deniability. Even an aspiring screenwriter who emailed an embarrassingly bad piece of fiction to “Professor Podesta” begging for some Hollywood help was squirming to know whether he could continue to deny having written it.

The implication was that Russian hackers knew the individual sought to become a screenwriter and took the time to write an entire play just to embarrass him. He denied sending the screenplay, but DKIM showed that the email was unaltered.

Below is a list of messages that are undeniably proven to be authentic and unmodified:

Follow Luke on Twitter. Send tips to luke@dailycallernewsfoundation.org.

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.