How a single typo led to the destruction of Hillary Clinton's presidential campaign

The hackers used fake Gmail warnings to infiltrate accounts of political figures.

[Image caption: The Podesta emails were released in batches by whistleblowing organisation WikiLeaks.]

On the morning of 19 March this year, just before 10am, a staffer at the Democratic National Committee (DNC) called Charles Delavan sent an email referencing John Podesta, the campaign chair of presidential candidate Hillary Clinton. "This is a legitimate email," he wrote.

What Delavan could not have known at the time is that this one sentence would lead to the release of tens of thousands of Podesta's own emails discussing the heart of the Clinton campaign – a move that would plague the candidate widely expected to become the next US commander-in-chief.

As reported in the New York Times in a detailed summary of the entire DNC hacking ordeal, Delavan had been forwarded an email purporting to be a warning from Google about suspicious activity on Podesta's Gmail account. He was asked if it seemed suspicious.


"Someone just used your password to try to sign into your Google account," the "Google" email said, warning that the sign-in attempt had occurred in Ukraine. "Google stopped this sign-in attempt. You should change your password immediately."

It included an enticing bit.ly link.
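As an added example that is not part of the article, the following triage check is run over a constructed message modelled on the lure just described (the sender address, recipient and link are invented placeholders):

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the lure described in the article; the
# sender address, recipient and link are invented, not real indicators.
SAMPLE_EMAIL = """\
From: Google <no-reply@accounts-google-mail.example>
To: recipient@example.org
Subject: Someone has your password
Content-Type: text/plain

Someone just used your password to try to sign into your Google account.
Location: Ukraine
Google stopped this sign-in attempt. You should change your password immediately.
CHANGE PASSWORD: https://bit.ly/ExAmPLe1
"""

# Domains a genuine alert from the named brand would be sent from.
BRAND_DOMAINS = {"google": ("google.com",)}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}
URGENCY = re.compile(r"\b(immediately|change your password|suspended|verify)\b", re.I)
URL_RE = re.compile(r"https?://([^/\s]+)", re.I)


def _same_or_subdomain(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def triage(raw: str) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    findings = []
    # 1. Display name claims a brand, but the sender domain is not that brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and not any(_same_or_subdomain(sender_domain, d) for d in domains):
            findings.append(f"display name claims {brand} but sender is {sender_domain}")
    # 2. A shortened link hides the real destination from the reader.
    for host in URL_RE.findall(body):
        if host.lower() in URL_SHORTENERS:
            findings.append(f"shortened link via {host}")
    # 3. Pressure to act right now is the usual credential-phishing hook.
    if URGENCY.search(body):
        findings.append("urgency language in body")
    return findings
```

A message that passes all three checks is not proven safe; the point is that the lure described above trips every one of them before anyone clicks.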

Delavan replied that it was indeed "legitimate" and advised that Podesta should enable two-factor authentication on the account immediately. Yet this, as the DNC staffer told the New York Times in an interview, was an unfortunate typo.

The aide said he was aware the message was a phishing attempt because the campaign had already received others. He claimed he actually meant to flag the message as "an illegitimate" email. (Some have openly doubted this claim.)

The email was, we now know, likely sent by a sophisticated team of Russian hackers branded Fancy Bear (or APT 28), who had long been conducting a widespread email phishing campaign against key political figures and Democratic Party-linked groups.

Whatever the case, the damage was done: the link was clicked and the hackers were in. The emails, over 58,000 in total, were later released by whistleblowing outfit WikiLeaks; its founder, Julian Assange, has however publicly criticised any assertion that Russia was the source of the data.

In June, SecureWorks, a cybersecurity firm, released a detailed analysis of the types of phishing emails sent by Fancy Bear, a group that regularly infiltrates military and government targets. By focusing specifically on the Bit.ly links, it showed in vivid detail how Gmail accounts could be accessed.


The New York Times report reveals that while it could be easy to blame a single typo for the demise of the Democratic Party's 2016 presidential effort, it was in fact a series of cybersecurity blunders that led to the DNC being hacked – including FBI warnings being completely ignored.

By the time the DNC employed security experts at CrowdStrike to investigate the suspected intrusion, hackers had been inside DNC networks for up to a year. As the Times found, it took less than 48 hours for the firm to conclude that known Kremlin-linked groups had played a role.

Toni Gidwani, a director of research operations at ThreatConnect, one of the security firms that investigated the Russian hacking campaign, told IBTimes UK in an interview that Fancy Bear continues to use the same tactics for one simple reason: it works.

"Why use your most sophisticated tool if a very simple one gets you in the door?" she said.


"[Hackers] will use phishing to get in and then start deploying tools that will allow them to get access to other parts of the network. Once that happens, it becomes much more difficult to eject them from the network."

While the ultimate aim of the hacking is still being debated, the Central Intelligence Agency (CIA) has said it believes the cyberattacks were a co-ordinated effort to help elect Donald Trump. US intelligence chief Michael Rogers previously said the attacks were very clearly a "conscious effort by a nation-state".

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.