Podesta's Email Wasn't "Hacked" By Russians, He Just Fell For A Typical Phishing Scheme
A Clinton campaign aide says that a typo in a March 19 email sent to John Podesta is to blame for opening the campaign chairman’s Gmail account up to Russian cyber hackers.
The IT aide, Charles Delavan, tells The New York Times that his error — typing the word “legitimate” instead of “illegitimate” to describe a hacker’s email — continues to haunt him.
“This is a legitimate email,” Delavan wrote to Clinton campaign aide Sara Latham after she forwarded him a spear phishing email sent to Podesta’s account that was designed to look like official correspondence from Google.
“John needs to change his password immediately,” Delavan added, while also providing a link to a Google page that would have allowed Podesta to safely change his email password.
Latham then emailed Milia Fisher, another Clinton campaign aide who had access to Podesta’s account, asking her to change Podesta’s password.
Someone, either Fisher, Latham or Podesta, clicked on a Bitly link embedded in the hacker’s fake email that led to a prompt to enter the password for Podesta’s account. That move gave the hackers access to Podesta’s account, and his nearly 60,000 emails. The contents of the account were published by WikiLeaks beginning in October.