Russian hackers infiltrated Podesta’s email, security firm says
The next morning, digital security researcher Matt Tait, chief executive of the United Kingdom-based firm Capital Alpha Security, captured screenshots from digital activists indicating they had remotely erased all the content from Podesta’s Apple devices. If true, that would mean Podesta probably hadn’t changed his iCloud password since it had appeared in the WikiLeaks dump.
The Clinton campaign has not confirmed the digital wipe. It has also refused to verify or dispute the authenticity of many of the WikiLeaks emails, including the one that revealed Podesta’s iCloud password. Still, the incidents have served as yet another distraction for the campaign amid the daily WikiLeaks releases, which were already generating headaches.
Security researchers said Thursday that they believe that hackers linked to Russian intelligence had committed the original breach of Podesta’s Gmail account, using another all-too-common exploit: In March, the hackers sent him a bogus alert that appeared to come from Google, warning Podesta that “someone has your password.” That apparently prompted Podesta to click a link that redirected him to a fake Google login page, where he entered his credentials. (The site Motherboard initially reported the researchers’ conclusions.)
Podesta, a former senior White House official in the Obama and Bill Clinton administrations, is far from the first prominent political figure to fall victim to basic security lapses.
In 2012, Gawker reported that hackers had broken into Romney’s personal Hotmail account after correctly answering his backup security question: “What is your favorite pet?” Though reporters never confirmed speculation that the pet was Seamus — the Irish setter that Romney had famously transported on the roof of his car — these type of questions are easy for digital intruders to research and answer when they involve famous people. (The culprit who took credit for the intrusion claimed to have not taken any information.)
During the 2008 election, a University of Tennessee student used a similar technique to break into the Yahoo email account of Republican vice presidential nominee Sarah Palin, then disclose some of her messages to WikiLeaks. The student was later sentenced to a year in federal custody.
And just last month, a federal judge sentenced Marcel Lazar — a Romanian hacker who went by the alias “Guccifer” — for infiltrating the emails of several Bush family members. The intrusion brought to light images of former President George W. Bush’s paintings, including a self-portrait of him in the shower.
Even top intelligence officials have had their own digital fumbles. Within the last two years, intruders compromised the personal email accounts of both Clapper, the director of national intelligence, and Brennan, the CIA chief.
In Brennan’s case, hackers penetrated his AOL account by posing as Verizon employees and getting AOL to reset his password. While a strong password would not have prevented this, turning on two-step authentication could have stymied the hackers.
But Brennan had no such security installed, allowing the digital pranksters to steal and publish the spy chief’s application for a security clearance, a document that included exhaustive amounts of personal information in addition to sensitive details such as Brennan’s Social Security number. Authorities recently arrested two North Carolina men on charges of committing the break-in.
Washington’s problems with passwords are so well-known it’s reached the point of self-parody. President Barack Obama joked about it last year during the White House’s much-hyped cybersecurity conference at Stanford University.