Now that the election’s over, more Clinton officials and staffers are speaking publicly about the lax operational security that led to multiple hacker intrusions and email leaks, which the intelligence community overwhelmingly asserts were carried out by hackers affiliated with the Russian government. One of those leaks, comprising John Podesta’s large cache of personal emails, had devastating implications for the Democratic campaign, and happened because of … a typo.
In March, Podesta received a phishing email that warned him of someone trying to access his account. It instructed him to reset his password by following a hyperlink to a page hosted on myaccount.google.com-securitysettingpage.tk/security. While it might appear that he was visiting google.com, he (or a staffer who managed his email) went to com-securitysettingpage.tk.
Before doing so, however, a Clinton staffer checked to see if the email was legitimate; basic security stuff. She got a response back from another staffer, Charles Delavan, who wrote “This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account.” He also explicitly directed them to a site on google.com.
The only problem is that Delavan meant to call the email “illegitimate.” From a new report in the New York Times:
Mr. Delavan, in an interview, said that his bad advice was a result of a typo: He knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an “illegitimate” email, an error that he said has plagued him ever since.
The Trump presidency: (at least partially) brought to you by some clumsy fingers.