Hillary Clinton’s presidential campaign knew within hours that something suspicious had happened to the email account of its chairman, John Podesta, according to a recent exchange published Friday by WikiLeaks.
“Someone has your password,” reads the subject line of a message sent to Mr. Podesta’s personal Gmail account on the morning of March 19, 2016.
The warning was signed by “The Gmail Team,” and was disguised to resemble a legitimate security notice from Google concerning a supposed log-in attempt said to have happened moments earlier. The message said Google had just prevented someone from signing on to Mr. Podesta’s account from a Ukrainian internet address, and that he should change his password immediately. It even provided a web address where he could do so that had been conveniently abbreviated by Bitly, a popular link-shortening service.
Researchers said previously that hackers working for the Russian government used this exact “spear-phishing” technique to compromise Mr. Podesta’s account, but the exchange published Friday by WikiLeaks shows for the first time precisely how the Clinton campaign reacted in the aftermath of one specific hacking attempt.
The phishing email arrived in Mr. Podesta’s inbox at 4:34 a.m. on March 19 and made its way later that morning to Sara Latham, his chief of staff. Ms. Latham forwarded the purported security warning at 9:29 a.m. to Charles Delavan, a member of Mrs. Clinton’s IT team, who fired back a response less than 30 minutes later.
“This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account,” Mr. Delavan wrote, referring to a security practice that requires a user to input secondary, sometimes time-sensitive credentials when signing on to an account.
While the email most certainly wasn’t legitimate — security researchers have traced the Bitly link it included to a server tied to Russian hackers, not Google — Mr. Delavan passed along the address of the actual site where Gmail users can update their credentials and enable two-factor authentication.
“It is absolutely imperative that this is done ASAP,” the tech expert wrote in his 9:54 a.m. email to Ms. Latham. She forwarded the instructions around two hours later to Mr. Podesta and another Clinton staffer, Milia Fisher.
“Milia, can you change,” she wrote, asking in the same email if Mr. Podesta already has two-factor authentication enabled. “Don’t want to lock him out of his inbox!”
It isn’t clear from the leaked emails what happened next, but Mr. Podesta’s account was eventually compromised and its contents handed off to WikiLeaks for publication. The anti-secrecy website began releasing the correspondence on Oct. 9, and has put out more than 35,000 emails as of Friday. It said previously it plans to publish upwards of 50,000 messages before the Nov. 8 presidential election.
The Bitly link included in the phishing email was one of four used by a Russian hacking group known as “Fancy Bear” to specifically target Mr. Podesta, according to SecureWorks, an Atlanta-based security firm that has investigated the breach. When expanded, the Bitly link directed users to a bogus website purportedly run by Google containing a supposed password-reset form.
SecureWorks told The Washington Times on Friday that the particular link sent to Mr. Podesta had been clicked twice, but couldn’t confirm if any credentials were entered once the phishing site was opened either time.
Attempts to reach the Clinton campaign staffers implicated in the exchange were not immediately successful.
According to SecureWorks, hackers working for the Russian government used this exact phishing technique against several members of Mrs. Clinton’s campaign between March and May 2016, as well as individuals associated with the Democratic National Committee and other U.S. political organizations believed to be targeted by Moscow.
Fancy Bear hackers sent similar password reset links to 108 email addresses associated with Mrs. Clinton’s campaign, as well as 26 personal Gmail accounts associated with either her camp, the DNC or others recently targeted, according to SecureWorks. The same hackers previously used the exact tactic to target current and former military, political and government leaders in Ukraine and Georgia, as well as Russian dissidents and Syrian rebels, its researchers said.
The Obama administration said earlier this month it’s confident recent computer hacks and email leaks suffered by the Democratic Party were coordinated by senior officials in the Russian government in an effort to interfere in the U.S. election. On Thursday, Russian President Vladimir Putin described the accusation as “hysteria” whipped up by Washington.
“Does anyone seriously think Russia can somehow influence the choice of the U.S. people? Is the U.S. some kind of banana republic?” Mr. Putin asked at an event in Sochi. “The United States is a great power. Please correct me if I’m wrong.”
• Andrew Blake can be reached at ablake@washingtontimes.com.