Wikileaks releases email that may have breached Podesta's account

Wikileaks releases email that may have breached Podesta's account
© Getty

WikiLeaks's latest batch of hacked emails suggests Hillary ClintonHillary Diane Rodham ClintonIf Mueller's report lacks indictments, collusion is a delusion Conservatives wage assault on Mueller report The wisdom of Trump's lawyers, and the accountability that must follow Mueller's report MORE campaign chairman John Podesta may have been skeptical of the phishing that compromised his account.

The security firm SecureWorks, which tracks the allegedly Russian hacking crew implicated in attacks against the Democratic National Convention, Podesta and others, discovered a Bitly account being used in those attacks and others.

ADVERTISEMENT

Bitly shortens web addresses and can be used to throw off web filters. The Bitly addresses were coded for specific victims.

The address coded for Podesta appeared in Friday’s dump of emails on WikiLeaks, attached to an early morning March 19 email requesting Podesta change the password to his Gmail account. Podesta chief  of staff Sara Latham forwarded it to IT staffer Charles Delavan.

“This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account,” replied Delvan.

Latham forwarded Delvan’s email to special assistant Milia Fisher, asking her to help Podesta update his password.

“The gmail one is REAL Milia, can you change,” she wrote, “does [Podesta] have the 2 step verification or do we need to do with him on the phone? Don't want to lock him out of his in box!”

It is not certain if Podesta or Fisher clicked on the link, if someone else did, or if the same link was used in a later email. 

In his reply, Delvan suggested accessing "accounts.google.com" to change the password rather than suggest clicking on the link. By going directly to Google's site to change the password, the phishing attempt would have failed.