Wikileaks releases email that may have breached Podesta’s account

WikiLeaks’s latest batch of hacked emails suggests Hillary Clinton campaign chairman John Podesta may have been skeptical of the phishing that compromised his account.

The security firm SecureWorks, which tracks the allegedly Russian hacking crew implicated in attacks against the Democratic National Convention, Podesta and others, discovered a Bitly account being used in those attacks and others.

{mosads}Bitly shortens web addresses and can be used to throw off web filters. The Bitly addresses were coded for specific victims.

Phishing attack sent to Podesta March 19. He forwarded to campaign tech team, which told him it was real! OOPS!!! https://t.co/7YewaR3ilG pic.twitter.com/ro8lJRS84i

— Phil Kerpen (@kerpen) October 28, 2016

The address coded for Podesta appeared in Friday’s dump of emails on WikiLeaks, attached to an early morning March 19 email requesting Podesta change the password to his Gmail account. Podesta chief  of staff Sara Latham forwarded it to IT staffer Charles Delavan.

“This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account,” replied Delvan.

Latham forwarded Delvan’s email to special assistant Milia Fisher, asking her to help Podesta update his password.

“The gmail one is REAL Milia, can you change,” she wrote, “does [Podesta] have the 2 step verification or do we need to do with him on the phone? Don’t want to lock him out of his in box!”

It is not certain if Podesta or Fisher clicked on the link, if someone else did, or if the same link was used in a later email. 

In his reply, Delvan suggested accessing “accounts.google.com” to change the password rather than suggest clicking on the link. By going directly to Google’s site to change the password, the phishing attempt would have failed.