John Podesta Reportedly Fell For Russian Phishing Attack Thanks To A Typo

Hillary Clinton’s campaign chairman, John Podesta, reportedly clicked on a phishing email that led to the theft of tens of thousands of emails after an aide mistakenly wrote to him that it was a “legitimate”—rather than “illegitimate”—message.

That error has haunted Clinton campaign aide Charles Delavan ever since, the New York Times reported Tuesday in a lengthy look at the Russian-directed hacks of Democratic organizations and operatives.

In recent days, unnamed intelligence officials have told several media outlets that the thefts of emails from the Democratic National Committee, Podesta and others were directed by the Russian government with the express goal of aiding Donald Trump’s candidacy (the FBI reportedly disagrees and believes the Russian government merely sought to sow doubt about the legitimacy of the electoral process).

The Times’ investigation found the attacks were exacerbated by costly mistakes on the part of the Clinton campaign, DNC and FBI.

For example, the report states a tech support contractor at the DNC, Yared Tamene, performed only cursory searches for signs of a hack after being initially contacted by FBI special agent Adrian Hawkins in Sept. 2015 with a warning that the DNC’s servers had been compromised. Despite several more calls in the following weeks, Tamene didn’t intensify his efforts.

“I had no way of differentiating the call I just received from a prank call,” Tamene wrote in an internal memo obtained by the Times, referring to Hawkins. “I did not return his calls, as I had nothing to report.”

Hawkins never emailed Tamene out of fear the hackers would know they were being tracked, according to the report. Both Tamene and the FBI declined to comment to the Times for its story.

Tamene’s memo reveals he installed a “robust set of monitoring tools” in April, months after being initially notified of the hacking threat. Then, on the eve of the White House Correspondents’ Dinner, Amy Dacey, then chief executive of the DNC, was finally alerted to an unauthorized person with administrator-level clearance in the DNC’s system.

The DNC then hired CrowdStrike to quietly rebuild its system from scratch and search for foreign intruders. Within a day, the firm had identified the breach as originating in Russia. It further attributed the hack to two groups, “Cozy Bear,” or “the Dukes,” a group which Hawkins had asked Tamene to monitor in his original September phone call, and “Fancy Bear,” which first infiltrated Democratic Congressional Campaign Committee computers in March and then moved on to the DNC.

By then, it was too late.

This post has been updated.
