Did a typo cost Hillary Clinton the White House?
Just before the 2016 US presidential election, WikiLeaks published over 20,000 pages of emails, lifted from John Podesta’s Gmail account. Podesta was chairman of Hillary Clinton’s presidential campaign, and the emails – which included references to foreign donations and Clinton’s Wall Street speeches, suggested she had heard debate questions in advance, and started the whole Pizzagate conspiracy – were hugely damaging to the Clinton campaign. She ultimately lost the presidency to Donald Trump – who has since denied the CIA’s conclusions that Russian hackers acted to try to swing the election in his favour, despite literally inviting Russian hackers to target his opponent while campaigning.
The New York Times has the full inside story of how the Democrats’ computers became compromised, and I strongly recommend you read the whole thing, as it’s an astonishing account of basic cybersecurity incompetence and bad luck – including someone not believing FBI warnings because they thought the man giving them was an imposter. But one part in particular stands out.
It’s about this email. The New York Times explains:
“Given how many emails Mr Podesta received through this personal email account, several aides also had access to it, and one of them noticed the warning email, sending it to a computer technician to make sure it was legitimate before anyone clicked on the “change password” button.
‘This is a legitimate email,’ Charles Delavan, a Clinton campaign aide, replied to another of Mr Podesta’s aides, who had noticed the alert. ‘John needs to change his password immediately.’
With another click, a decade of emails that Mr. Podesta maintained in his Gmail account — a total of about 60,000 — were unlocked for the Russian hackers. Mr. Delavan, in an interview, said that his bad advice was a result of a typo: he knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an ‘illegitimate’ email, an error that he said has plagued him ever since.”
The email in question suggests Podesta turns on two-factor authentication too, but it’s astonishing to think that a major political figure who had been subject to “dozens of phishing attacks” didn’t have this in place to begin with.
Some speculate that it wasn’t a typo, and that Delavan is just covering up the fact he was fooled, but I’m not entirely convinced. Even a quick glance at the email in question reveals a couple of telltale signs that it’s not legit: the use of a bit.ly link to reset a password is a big red flag that I – definitely not a cybersecurity expert – spotted right off the bat.
Whether or not this ultimately cost Clinton the election is open to debate, but one thing is pretty clear: anyone running for office in 2020 definitely needs to get their security house in order.