John Podesta

Image courtesy of CNN

Podesta Was Lured by Time
Tested Hacker Trick

| published November 2, 2016 |

By Keith H. Roberts, Thursday Review staff

It’s one of the oldest tricks in the bag for hackers, and computer and internet users have been warned to steer clear of the scam for decades—the cyber equivalent of Arizona beach front property or the deed to the Brooklyn Bridge. A top Clinton campaign operative nevertheless fell for the ploy, and as a result thousands of emails were stolen by Russian hackers, then, later obtained and published by Wiki Leaks.

John Podesta, Democratic nominee Hillary Clinton’s campaign chairman, apparently took the bait in a common phishing scam in which hackers—typically posing as the tech support for a legitimate email service such as Gmail, Yahoo, AOL or Hotmail—tell a user via an email that for security reasons that he or she must make changes to their account. The email contains a link which customers are urged to follow, whereupon they are asked to “confirm” or change their password. Armed with the new password, and sometimes additional security data, the hackers then enter the account unimpeded.

According to the Democratic National Committee and cyber security experts investigating the matter, Podesta fell for just such a scheme—even after forwarding the suspicious looking email to the cyber security team working for Clinton. Clinton’s networking gurus cleared the email, telling Podesta that it appeared to be a legitimate correspondence from Gmail, but stressed that he should change his password via a direct link at Gmail. Despite this standard warning, Podesta managed to click the phony link anyway, sending him directly into the waiting arms of the hackers.

That digital mishap, which computer owners and email users have been warned away from for years, opened up an avenue of easy access to a group of hackers believed by U.S. law enforcement to have direct connections to Moscow and to Russian President Vladmir Putin. More than 45,000 emails have become public as a result of that cyber breach, with unfortunate consequences for the Clinton campaign and the DNC.

The “change your password” scam is an old scheme which dates back to the early 1990s and may have been around as long as emails have been commonly used. A tool in the general bag of tricks known as phishing, and something that security experts have warned people to steer clear of, it nevertheless tricks thousands of email users each month and each year into giving hackers access to their information. Most cyber experts advise customers to routinely change their important passwords, but to do so only by going to the legitimate website or online face of the email service or account—never through a link in an email, whether it appears to be legitimate or not. Most online services and email providers advise their customers that they will never “ask” for a password, especially within an email, and in most cases even live customer service reps cannot see a customer’s password. Furthermore, computer users have been warned for decades to steer clear of any email that asks for a password.

But Podesta was apparently convinced by the email, then, because of a miscommunication between Clinton’s tech people and Podesta, proceeded to fall for the gag even after taking steps to have the email double-checked for authenticity. Podesta’s misteps, and the failure of Clinton’s tech team to more forcefully wave the campaign chairman off from a potential hazard, has tossed the more-or-less continuous narrative of Clinton’s mishandling of emails as Secretary of State back onto the front pages, and has spurred additional heartache for a presidential candidate still locked in an extremely close race against her opponent, Republican Donald Trump.

The issue of Clinton’s use of a private email account and an offsite server (the server used by Clinton was housed in the Clinton’s private home in Chappaqua, New York) have been a constant drag on her campaign narrative almost from the moment her candidacy became official in early 2015. The fracas spurred a long FBI investigation, closed months ago but now reopened in light of the discovery by FBI agents of an additional cache of more than 50,000 emails on a laptop belonging to former N.Y. Congressman Anthony Weiner—also under investigation—which includes correspondence between Clinton and top Clinton aide Huma Abedin.

Related Thursday Review articles:

New Email Problems May Dog Clinton Through Election Day; Thursday Review staff; Thursday Review; October 30, 2016.

White House: FBI Director in a Tough Spot; Thursday Review staff; Thursday Review; November 1, 2016.