December 15, 2016

The unbelievable "typo" story about how Podesta got phished.

Slate's Will Oremus examines the story, propounded by the NYT, that John Podesta relied on advice from an IT guy who wrote "This is a legitimate email" but says he'd made a "typo" and had meant "This is an illegitimate email." Oremus asks the obvious question: Did you also typo "a" for "an"?

The IT guy, Charles Delavan, told Podesta to change his password and to set up two-factor authentication, but he gave him a correct link to Google's website. Podesta reacted by clicking on the link in the original nonlegitimate email, which is a mistake that anyone using email should know about.
Asked about the a/an discrepancy, Delavan told me the Times had the wording wrong. Delavan had actually meant to type that it was “not a legitimate email,” but mistakenly omitted the word not. Are you sure, I asked? “Yes,” he said. I asked why, if Delavan knew the email was not legitimate, he still directed Podesta to change his password....  Delavan said he recommended the password change “out of an abundance of caution,” even though he knew the request was a scam.
There would have been no problem if Podesta hadn't gone to the bad link. Delavan's "abundance of caution" failed to take 2 steps of caution that could have helped save Podesta from his own personal witlessness. Delavan should have had that "not" and should have said don't click the link in that email.

Actually, I don't think Podesta was personally involved in any of this. Delavan interacted with Podesta's chief of staff, Sara Latham. Podesta looks like a fool, and there's this lame effort to shift the blame to Delavan. How about paying more attention to Latham? Are women just invisible?

Ah, I see this at Politico, from October 28th:
"John needs to change his password immediately, and ensure that two-factor authentication is turned on his account. He can go to this link: https://myaccount.google.com/security to do both,” the staffer said. "It is absolutely imperative that this is done ASAP."

His chief of staff, Sara Latham, wrote to another Podesta aide, Milia Fischer: "The gmail one is REAL Milia, can you change - does JDP have the 2 step verification or do we need to do with him on the phone? Don't want to lock him out of his in box!”...
So it was Milia Fischer who failed to use the correct Google link but went back into the original phishing email? How many layers of unsophistication did they have over there at the Clinton campaign?

Here's Milia Fischer's LinkedIn page. Photo:



And as long as we're shining a light on Milia Fischer, there's this Breitbart item from October 16th, "WikiLeaks Reveals Podesta’s Obsession with Aliens… Space Aliens!" in which we learn that Fischer once forwarded Podesta a message from Tom DeLonge (a pop singer, late of Blink-182).
“Please show Mr. Podesta this private teaser. Let him know that I am spending all afternoon interviewing a scientist that worked on a spacecraft at Area 51 tomorrow,” DeLonge wrote.
Fischer's forwarding message said that DeLonge seems to have met with Steven Spielberg about some project that he wanted to get Podesta in on. Here's Podesta enthusing about aliens:



Maybe aliens hacked the election. All that "Russians" business is code, you know.

ADDED: The underlying NYT article has mind-bending statements like:
While there’s no way to be certain of the ultimate impact of the hack, this much is clear: A low-cost, high-impact weapon that Russia had test-fired in elections from Ukraine to Europe was trained on the United States, with devastating effectiveness. For Russia, with an enfeebled economy and a nuclear arsenal it cannot use short of all-out war, cyberpower proved the perfect weapon: cheap, hard to see coming, hard to trace.
The story is about the idiocy of falling for phishing! How is that "hard to see coming"? And what's the point of tracing it? Just never fall for it and the problem is solved, wherever the hell it came from. The Russians don't deserve special credit for devious genius. The Clinton campaign deserves to be lambasted for its shocking stupidity. And these are people who wanted to be trusted with the nuclear codes and who relied on the argument that Donald Trump is a dangerous ignoramus.

141 comments:

Joe Biden, America's Putin said...

It's too bad we found out that Podesta is a major cog in the corrupt money-grubbing money-grubbing schemes of the ultimate money-grubbing whores, the Clintons.

A crying shame.

Michael K said...

The whole Clinton campaign seems to be a clown show.

I recommend Taleb for an explanation.

these self-described members of the “intelligentsia” can’t find a coconut in Coconut Island, meaning they aren’t intelligent enough to define intelligence hence fall into circularities — but their main skill is capacity to pass exams written by people like them. With psychology papers replicating less than 40%, dietary advice reversing after 30 years of fatphobia, macroeconomic analysis working worse than astrology, the appointment of Bernanke who was less than clueless of the risks, and pharmaceutical trials replicating at best only 1/3 of the time, people are perfectly entitled to rely on their own ancestral instinct and listen to their grandmothers (or Montaigne and such filtered classical knowledge) with a better track record than these policymaking goons.

Read the whole thing, as Insty says.

Matt Sablan said...

... Phishing is not hacking.

The fact they can't even get that part of the story right worries me.

Matt Sablan said...

"Podesta or one of its aides,"

... His. One of HIS aides Slate.

Bob Ellison said...

Are you sure you can post that LinkedIn picture of Fischer? If you're a member and have clicked on the EULA, maybe not without silly and small repercussions.

The picture seems unwise, though. Hey, I'm pretty and young! Link to me!

Matt Sablan said...

"The implication was that the Clinton campaign was compromised not by incompetence, but by a slip of the fingers."

-- Not proofreading IS incompetence.

Curious George said...

Podesta: "It seems inconceivable there aren't aliens"

Only to people that believe there are.

Original Mike said...

So this question isn't new but I haven't seen a definite answer yet. Is the Podesta f-up separate from the "Russian hacking" story?

Ann Althouse said...

Podesta or one of its aides...

Aliens!

rehajm said...

Also, when referring to the virtual, 'inbox' is one word.

Curious George said...

Funny they can use the word "alien" for people they have never seen but not for the millions pouring over the border and openly living among us everyday.

Levi Starks said...

Instead of obsessing about the how and why of the email revelations, shouldn't we be thanking our lucky stars that we were given a glimpse into the minds of those that would be our master? I will allow that there is some small additional bonus in the display of ineptitude of the actors.

rhhardin said...

Are women just invisible?

It's a woman's kind of ignorance so the blame lands elsewhere.

Matt Sablan said...

Also, I don't buy the story.

Read this:

"This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account."

The fake email said to do this:

"Google stopped this sign-in attempt. You should change your password immediately."

I read that as the tech guy agreeing with what the fake email just said to do. I think the IT guy screwed up and did not realize that it was a fake email until after. Also, this seems to be a "call the guy and walk him through the fix" sort of problem not, "fire off a not even proofread email." The IT team may be busy, but not THAT busy.

The other possibility: The IT guy did not realize exactly how much crap Podesta had on his GMail account, and certainly did not think that it was filled with work documents.

Also: “I’m sitting here and, as I’m applying for jobs and trying to figure out the rest of my life, I’m wondering, ‘Is this something that’s going to haunt me the rest of my life?’”

Yes. This is a huge screw up that literally lead to your company's email being compromised. I would never hire the guy, and I doubt anyone who takes security seriously will either.

rhhardin said...

Illegal space aliens.

Original Mike said...

Are Podesta's emails the same as the DNC emails or were those two separate incursions?

Sebastian said...

We barely escaped being ruled by people like this. And to think that the Clinton mantra was "competence."

The #NeverTrumpers never seriously considered the alternative, which made me a #NeverNeverTrumper. Happily.

MadisonMan said...

I see it as a future Rom-Com movie. Jeff Goldblum will star as Podesta.

Matt Sablan said...

"Are Podesta's emails the same as the DNC emails or were those two separate incursions?"

-- I believe they are separate, and if you believe Wiki Leaks, they claim the DNC leaks came from an inside source, not hacked.

gspencer said...

And the Democrats call the rest of us loons!

Original Mike said...

" I would never hire the guy, and I doubt anyone who takes security seriously will either."

But he can always get a job in Hillary's White House.

Oh, wait....

rehajm said...

Is CNN okay with us looking at these emails now or is it still illegal?

Original Mike said...

"-- I believe they are separate, and if you believe Wiki Leaks, they claim the DNC leaks came from an inside source, not hacked."

And, as you say, Podesta's phishing is not hacking. So, nobody got hacked anywhere.

tim in vermont said...

What is important is that nobody get the notion that Assange hates Hillary as a peace activist and instead they must believe him to be a Russian stooge.

Original Mike said...

Although, now that I think back, wasn't it the DNC emails that were claimed to have been hacked by the Russians?

rehajm said...

Damn autocorrect.

Martha said...

Wow. The IT guy guy lies almost as well as Hillary lies.
And takes responsibility as well.
And of course he keeps his job despite proven incompetence.

NorthOfTheOneOhOne said...

Meh. This is about saving Podesta's bacon. I've been in corporate IT for over twenty years and have met very few ivy league, hotshot, senior management types that could even remember their passwords and those that could generally freaked out when you talked about a reset. I can't see Podesta being much different.

exhelodrvr1 said...

The more the Democrats complain about Trump winning, the more of this type of stupidity will come to light. Same thing with the recounts shining a light on the Democrats vote fraud. It is increasingly obvious that they are both evil and stupid.

I fear that that is going to make the Republicans overconfident and sloppy, though.

MadisonMan said...

The things that gets me about this -- as someone with a .gov email account -- is that there are lots and lots of Security trainings you have to take to keep you account. There are incredible hoops you have to go through to import data onto a government computer. Everyone in Government knows this.

Hillary and her inner circle of sycophants seems to have taken great pains trying to circumvent this and did so without thinking, seemingly, why those restraints are there: Because people want the information. I can't decide if it's because they're thinking they're above it all, or just because they are old old Boomers who still think it's 1974 and "....oooh...computers!!!" so they don't really understand the new technology. In contrast, Trump as a businessman will have dealt with people trying to hijack accounts.

Either way, very glad these clowns have been shown for what they are: incompetent with secrets.

madAsHell said...

yeah....but she won the popular vote!!

tcrosse said...

Illegal space aliens.
Undocumented space aliens, if you please.

Ann Althouse said...

"Are women just invisible?"

Women hide in plain sight and it works.

rehajm said...

The giveaway that it's CYA is the recommendation to change the password immediately which is unnecessary if you believe the email is illegitimate...

Original Mike said...

Undocumented extraterrestrials.

Original Mike said...

Blogger rehajm said..."Damn autocorrect"

I turned mine off. It created more mistakes than it corrected. And the mistakes were more embarrassing.

rhhardin said...

Women hide in plain sight and it works.

Nice pic via an instapundit commenter, that I hadn't seen before.

Presumably by some engineer, who gets the poetry right.

Abstraction is more important in poetry than is credited, making guys wind up the poets.

Fabi said...

And this band of misfits thought they were qualified to run our country. Let that sink in.

rehajm said...

How many layers of unsophistication did they have over there at the Clinton campaign

It's highly correlated to the number of scandals they need to clean up by firing underlings.

Psota said...

That Milia should have listened to more mansplaining...

William said...

The correct term is undocumented space traveler. Everyone assumes space travelers look skinny, bald, and weird like John Podesta. Nothing could be further from the truth. Space travelers, as readers of Flash Gordon are aware, are frequently young, pretty, and voluptuous. Green skin is easily concealed under pancake makeup, and pretty women are just background music at important events. My suspicions are beiginning to fall on this young woman.

Laslo Spatula said...

In Milia's photo her shoulders are rolled forward, as if she was enhancing cleavage that we cannot see.

Thus, this photo has been cropped.

What else has been cropped out of this photo?

What secrets did her cleavage fail to hide?

You have to look at what is NOT in the photo to better understand the photo.

Also: Just how big are her breasts?


I am Laslo.

Bob Ellison said...

I heard Trump say in an interview that he doesn't use email. That's pretty weird, even for someone his age. Maybe it's a factor in being a rich guy who sees his life as always being managed by underlings in various ways: this person handles my email; this one does my voicemail; I do my own Twitter, damn it!

But Podesta and Hillary and many others should not even be doing email in the first place. Ditto Obama. He didn't know clintonemail.com was not a government account? What kind of idiots are pretending to run our government?

tcrosse said...

The Evil Princess Aura, daughter of Ming the Merciless, comes to mind. Although she is eventually redeemed by her somewhat sado-masochistic love for Flash. Not to be confused with Cleolanta, the Suzerain of the planet Ophecius, who fell hard for Rocky Jones, Space Ranger.

Brando said...

That Milia Fischer is quite the comely lass! But what does all this matter? Sounds like a lot of bus-under-throwing, trying to blame someone else for falling for a phishing scam. It's part of the problem with a large and unwieldy and not particularly brilliant campaign operation. There'll always be a weak spot!

Megthered said...

Trump said early in his campaign that he didn't do email and in interest of his office, there are no computers. He said it was something he never did. He has people for that. I also think he probably has one of the most secure IT department store in the country.

Brando said...

"But Podesta and Hillary and many others should not even be doing email in the first place. Ditto Obama. He didn't know clintonemail.com was not a government account? What kind of idiots are pretending to run our government?"

Maybe it's a generational thing, though Obama's relatively young and ought to know better (e-mail was a common thing for 20 years). I figure most higher ups never really e-mail because they have minions for that. As for why Obama (or his minion) never figured out "Clintonemail.com" I'm guessing they had so little communication with her that they barely noticed.

ddh said...

In Chapter 22 of "Il Principe," Machiavelli says you can always judge the brains of a prince by the quality of the people he has around him. It's a good thing this insight doesn't apply to princesses.

Matt Sablan said...

"As for why Obama (or his minion) never figured out "Clintonemail.com" I'm guessing they had so little communication with her that they barely noticed."

-- Obama knew. Huma Abedin updated them everytime anything on the site changed, and Obama corresponded using a pseudonym on her server.

donald said...

I'd tap it. She wouldn't tap me, but I'm there for ya toots.

Ambrose said...

Next up from Hilary: "I may have lost the Presidency, but I know a guy in Nigeria who was able to smuggle out a fortune in cash - and he's going to put most of it into my bank account."

YoungHegelian said...

The Russians don't deserve special credit for devious genius. The Clinton campaign deserves to be lambasted for its shocking stupidity.

Clearly, the Clintonistas had developed a corporate culture where it was okay for the senior staff to be computer illiterate. It was okay for Hillary, & so it became okay for her senior underlings. IT, even the fundamentals of computer security, was something the "hired help" did.

The old office adage of "Real Men don't Type" has not survived well into an age where everyone is expected to type their memos in Word. Your secretary doesn't do that anymore, as in days of yore. But, the attitude behind RMDT still survives & indeed flourishes. Podesta's behavior is a sterling example.

Dude1394 said...

The only thing devastating is how far democrats will go to seize power. They do not care for filibusters, they contest elections, they riot, they commit violence, their candidate supports the winning candidates removal after the fact, they threaten electors.

This is the behavior of organized crime. Disgusting and any person supporting this is going to have a rude awakening when this is turned against them.

Chris N said...

I see it all now:

1. Area 51 is a sanctuary city for undocumented space aliens.

2. Java is what we could understand of their language.

3. Phishing scams are what devious Rooskies have done to that language...weaponizing it.



Lewis Wetzel said...

So, given the rhetoric on the Left, this one, single, itsy-bitsy typo will lead to an authoritarian state, complete with putting "undesirables" in camps, followed by the death of the biosphere from global warming.
Great job, sparky. Type much?
Since this typo caused Trump's victory, why is the Left blaming Putin? When a person is shot, you don't blame the bullet, you blame the guy who pulled the trigger, even if it was an accident.

Bob Ellison said...

YoungHegelian, what you say rings likely.

But there are all of those emails from "H", and pictures of her on her Blackberry. She betrayed herself as someone who didn't know what she was doing.

One of the Real Men Don't Type rules is that Real Men Don't Do Stuff They Don't Understand. Don't get behind the wheel of a car with a standard transmission if you can't drive stick. Don't get in the cockpit of a 747 if you're not a highly educated pilot. Don't talk to Russian officials if you don't have a clue who they are.

Rick said...

Brando said...
As for why Obama (or his minion) never figured out "Clintonemail.com" I'm guessing they had so little communication with her that they barely noticed.


They did figure it out. There's no other explanation for Obama using an alias only when communicating via Clinton's email.

Rick said...

Matthew Sablan said...
... Phishing is not hacking.


Hack:
Use a computer to gain unauthorized access to data in a system.

Phishing is hacking. It's not particularly sophisticated or demonstrate high level knowledge and thus doesn't suggest state level perpetrators. But it is hacking.


Security Hacker Wiki:

Techniques

...
Spoofing attack (phishing)
A spoofing attack involves one program, system or website that successfully masquerades as another by falsifying data and is thereby treated as a trusted system by a user or another program — usually to fool programs, systems or users into revealing confidential information, such as user names and passwords.

Limited blogger said...

Amazing! The Dems have put half the toothpaste back in the tube.

Rick said...

Ann Althouse said...
Women hide in plain sight and it works.


This seems a corollary to your theorem that you can discuss any difference between genders real or imagined as long as your frame the female side as positive.

Corollary:

A woman's role in any event will be interpreted to the most female-advantageous possibility, advocating or even recognizing any other possibility is misogyny.

Michael K said...

"I fear that that is going to make the Republicans overconfident and sloppy, though."

Republicans are Charlie Brown and the football. You watch waiting for the miss. Trump might be different.

Among other things, he has been dealing with New York City unions almost as long as Vito Corleone.

Bob Ellison said...

"Hack" is a relatively modern term, and a loose one. Ruling "phishing" out of the "hacking" world does not help understanding. If you're trying to gain access that you know you shouldn't have to an automated system, you're hacking. Doesn't matter whether it's email or an ATM or a Prius. Hacking is hacking.

For more study, see "alt-right".

Birches said...

I read this article yesterday and was amazed by the incompetence at the DNC. The non typo is the least of their problems. They already had someone get into the system before Podesta through the same phishing scheme. Their IT guy doesn't know how to verify if someone is from the FBI, so he just sits on his many phone calls... it's crazy!

After reading the story in the NYTs I actually believe the RNC when they say they weren't hacked. I just can't imagine they are that incompetent.

Bill Peschel said...

Anyone with a little bit of experience with government emails would know instantly that "Clintonemail.com" is NOT an official U.S. Gov. website.

That's what the ".gov" suffix is for. The fact that they ignored that every time an email was sent from there indicates their thinking or lack there of.

What also impressed me about that New York Times story was the opening photograph showing a bare room with a file cabinet from Watergate, the server that was hacked, and a picture of Obama.

Since the reporter mentions that scene, it leads me to ask:

1. Really?

2. The Democrats have a bare room with the file cabinet involved in Watergate?

3. They happen to remove the server and place it there for reasons? Because they like to have a room to show off their accomplishments?

4. And the NYT photographer happen to see that there? He wasn't, say, escorted to that room and received hints this would make a great photo?

5. At the end of the story, the NYT apologized to its readers. There was a page from the Washington Post re: Watergate on the wall. The photographer removed the picture and then took the photo.

Second thought:

An FBI agent sees evidence of Rooskis hacking the DNC's computer, and all he does is phone their IT several times to warn them. Doesn't refer it upstairs (apparently). Doesn't request a meeting with the IT department (or the head of their IT department). Just calls the Help Desk. You know, like we do when we lose our password or Russians are launching numerous phishing attempts on our system.

Then there's the IT guy, who HEARS that Rooskis are trying to enter the system, and the best he does is check the logs? He doesn't take the FBI agent's calls because he's not sure if the guy is real? And HE doesn't do much more except send a note to his superior.

And then there's the superior, who hears that Rooskis are trying to hack into your computer system. And he shrugs his shoulders.

And The New York Times expects us to panic over this? I'd rather take the same attitude as the FBI and the DNC. No bigs.

Birches said...

I don't think anyone in DC will ever be as incompetent as the people surrounding Podesta again, that's how incompetent they were.

PB said...

It's typical of this group of Democrats to keep making up shit and throwing it at the wall to see what sticks. They'll never admit the truth.

Gretchen said...

Space Aliens hacked Podesta's computer.

Gretchen said...

Sorry, Undocumented Space Beings hacked Podesta's computer.

Did they vote in California too?

mockturtle said...

Bill Peschel: Good analysis.

Matt Sablan said...

I've always assumed human/social engineering, like phishing, was a distinct and separate threat from physical hacking of systems. Interesting that they're rolled together, when I don't think they were a few years ago.

MikeR said...

I'm an IT guy at a major American hospital. We're not so afraid of our computers getting hacked, but we are very very afraid of losing patient info. HIPAA. Our head of security has told us that his group discovers several infected computers _per day_. Sometimes they don't even bother cleaning them. Our responsibility is (a) don't do really stupid stuff like clicking on unrecognized links, (b) keep sensitive patient information away from the outward-facing computers, (c) and don't take it physically out of the hospital (flash drives, laptops), (d) encrypt everything.
This is ABCs in the business today. You _will_ be hacked. If you have many employees, some of them will click on the wrong links in their email. Plan on it, and protect what you need to protect.

Chuck said...

So Althouse uses the word "unbelievable," in its correct, proper sense. The subject of her post was positing a story, that was not believable. Hence, "unbelievable."

Will the Trumpkins understand? Or will they think that the story is "the greatest," or "tremendous," or "incredible"?

http://qz.com/792825/presidential-debate-donald-trumps-great-tremendous-unbelievable-penchant-for-hyperbole/#int/words=dinner_supper&smoothing=3

Thorley Winston said...

I don’t work in IT but occasionally I get emails from family members or older colleagues forwarded to me asking if it’s “safe” to click on a link. My standard practice when I reply is to change the subject line of the email in my reply to read “Don’t Click On The Link You Sent Me.”

Usually that’s enough.

campy said...

Are women just invisible?

When there's blame to be assigned, yes.

Static Ping said...

I have worked in IT for many years. You will never go wrong in assuming that your users are idiots that need to be explained the most obvious things in minute detail. They are not all idiots - some or even most of them may be very computer savvy - but it is better to be cautious in case your prize user has a blind spot. Paranoia is your friend.

The first thing in the email should have been something like "DELETE THE EMAIL IMMEDIATELY. DO NOT CLICK ON THE LINK. NEVER CLICK ON AN EMAIL LINK IF YOU ARE UNSURE." This should have been followed by further instructions and perhaps an explanation.

What amazes me here is that apparently this was a common issue and Delavan had not setup a boilerplate for this scenario. I can totally understand accidentally dropping "not" in the sentence - it is something I do from time to time when I am distracted - but for something so important and so critical it is a big mistake. As to hiring him in the future, people make mistakes. If he's smart, he will learn from this and never do this again. The difference between an experienced IT expert and some dumb kid out of college is experience. That said some dumb kids out of college just become dumb veteran employees. I do sense that he is going to have trouble in the short-term given the yugeness of the mistake.

exhelodrvr1 said...

Michael K,
" Trump might be different."

Trump will be - his lack of political obligations, and his willingness to go outside the box, gives the Republicans an exceptional opportunity here. But it takes more than just Trump - the representatives and the senators have to go along with him. Based on what happened during the campaign with their lack of, or at best tepid, support, and considering the tremendous social pressure that will be put on them to be "anti-Trump", they can still screw this up.

Static Ping said...

P.S. While paranoia is your friend, it does not always work. I have instructed users to never ever do something, only for someone to almost immediately do that something. On one occasion, the person in question did it more than once even after getting burned twice in a row. You also need to learn which users never read their emails and require communication on the phone or in person.

HoodlumDoodlum said...

Ann Althouse said...The Russians don't deserve special credit for devious genius. The Clinton campaign deserves to be lambasted for its shocking stupidity.

You're correct, Professor, but I'm afraid you're missing the point: this is about the Obama Administration. The Media is happily swallowing Obama's assertion that his have been "scandal free" terms and that there have been no successful attacks against American during his Presidency. From publicly available information, though, it seems like the US got our ass kicked in the domain of cyberwarfare--to a shocking degree. The OPM hack and the numerous other failures to protect essential government systems should be a scandal; you can be certain that if those happened under a Republican Pres. the Media would call it a scandal and hype the damage nonstop.
All of this happened under Obama, and all of this happened after the (Hillary-led) State Dept's "Russian Reset" and changed approach to diplomacy generally (undoing those dark years of cowboy Bush making the world hate us). The Media's decision to deflect blame from Democrats and from Obama himself makes sense in the context of the Media's ridiculous partisanship and bias--they have to portray the Russians as dark geniuses suddenly conspiring to undercut the smart, successful Dem candidate because to do otherwise would be to admit the truth about a key Obama failure.

Since Obama can't have done wrong--since opposition to Obama can only be the result of regressive Republican racism--the Media has to portray these events in the ridiculous way you highlight, Professor. Once you embrace the idea that the MSM is a propoganda organization for the Left it all makes sense.

Mick said...

They are attempting to take the focus off of what in IN the emails (Clinton Foundation Corruption, Democrat Party fixing the election against Saunders, #Pizzagate) by arguing about who "Hacked" or "Leaked" the emails.
These are sick and demented Satanists and Pedophiles, and also Deranged Narcissists. Narcissists can never be "wrong".
Why does Podesta, the former Chief of staff of Obama, have child torture art in his home?
Why has he made no claim of innocence to being a pedophile?

By the way, he is one creepy looking SOB.

Matt Sablan said...

"While there’s no way to be certain of the ultimate impact of the hack, this much is clear: A low-cost, high-impact weapon that Russia had test-fired in elections from Ukraine to Europe was trained on the United States, with devastating effectiveness."

-- If we can't be certain of the ultimate impact, how do we know there was a "Devastating effectiveness." And what is devastating about Podesta's emails being public? Clinton would have lost with or without Russia's intervention, if they did intervene to harm the person who sold them Uranium and whose party scoffed at the idea of an antagonistic Russia while promising them more flexibility in the future. So, even if Russia DID decide to act against their own interests, she was most likely going to lose knowing what we know now about her incompetence in the Rust Belt.

Matt Sablan said...

"He has never held a job with actual deliverables."

-- "Personally, I liked the university. They gave us money and facilities, we didn't have to produce anything!"

Marc in Eugene said...

Jim Geraghty at NR this morning addressed the "the media is happily swallowing Obama's" nonsense issue that HoodlumDoodlum brings up. More than half of the hacking or whatever events he writes about I had forgotten about. "During his remarks after meeting with his Commission, Obama announced [a fortnight ago!], 'I have consistently made cybersecurity a top national security and economic security priority.' Mm-hmmm."

http://www.nationalreview.com/corner/443080/post-cyber-security-era

Martin said...

The more I see the more convinced I am that this country really dodged a bullet on November 8. The Clinton team was not only corrupt, which we already knew, but staggeringly incompetent in all things, big (campaign strategy) and small (email hygiene).

Whatever problems Trump brings, there are countervailing forces (the media, academics, the Democrats, half of the Republicans) to keep him from running off the rails.

Clinton, OTOH, would have been unrestrained, and as we are now seeing, she and her team were not only corrupt and power-hungry, but idiots.

Martin said...

Anyway, phishing stuff like this is so common, (a) there is nothing especially Russian govt about it, it really could be someone in their basement, and (b) if you fall for that you have no business on the internet

Hyphenated American said...

Som this is how the Russians got an undocumented access to podesta's emails.

Birches said...

@mikeR

Good explanation, but security in your hospital's way becomes almost impossible when everyone wants access on their smartphone, right?

mockturtle said...

Podesta gives me the creeps.

Matt Sablan said...

"Good explanation, but security in your hospital's way becomes almost impossible when everyone wants access on their smartphone, right?"

-- Probably easier to tell hospital administrators and doctors no than the Secretary of State's staff.

mockturtle said...

Amen. Why the Dems did not dump Podesta when the contents of his emails first came out is beyond me. Instead, they made him the most visible spokesperson, when he came out, instead of Hillary, on election night.

Same reason they are considering, in light of Trump's victory, appointing Keith Ellison to head the DNC. Sheer cluelessness.

Anonymous said...

Oh, let me count the ways, MadisonMan.

1. Its actually not 'phishing' but rather 'spear phishing'. Phishing is sending an email out to lots of people hoping to get credit card info. Spear phishing is the targeted emails to specific people, while trying to get access to a particular target. Normally, but not in this case, the email is personalized.

2. Podesta was Bill Clinton's F'ing Chief of Staff, for God's sake, and before that worked as a Hill staffer. He got years and years of security lectures. Those are for the little people I guess.

3. Apparently Podesta's ID and pswd were like some STD, everybody in the organization down to the Researchers had access to it? Was it on a sticky not taped to his monitor?

4. This all happened after the Hillary email scandal. Don't these A$$holes learn?

5. It's a good thing these bozo's didn't win, or we'd have another HillaryGate scandal in the WH.

Matt Sablan said...

"1. Its actually not 'phishing' but rather 'spear phishing'."

-- Here's the thing, was it though? It was the standard GMail phishing scam that I've reported/deleted multiple times from my personal GMail account. If it had gone to his .gov or business account, I'd think he was targeted. This looks to me like he got caught in a basic phishing scam, and then the person opened the bag of goodies and went: "Holy crap."

Kyzer SoSay said...

@ Laslo 8:48AM

I must admit, anytime I see a woman's picture from the shoulder line up, if she has a pretty face I automatically wonder about her breast size. Evolution, I suppose. Before I got married, every pretty face was a potential lay, and they damn well best be able to feed my future brood.

Of course, to get that lay, I will be the utmost gentlemen, only showing the sarcastic asshole side when it may lead to furtherance of my goal. And I will be a committed and caring father. But it always comes back to breasts. Despite my semi-frequent admissions, my wife fails to understand just how much power she has jutting from her chest. Her femininity is the President Pro Tempore of my cranial Senate - in a 50/50 split, my dick decides, and my dick is pretty happy with marriage so far. And so it goes.

My wife once complained that I was too manly for my own good. Later that afternoon, she told me how it wasn't fair for her to be so turned on by the smell of sawdust. Of course we were under the covers at the time. Like most well-adjusted females, what really turns my wife on is a good man secure in his masculinity and not afraid to display it more than is considered politically correct.

Kyzer SoSay said...

But, on topic, I'm still profoundly happy that Hillary lost, and I don't buy the typo story one bit. And I also don't buy the notion that both attacks, or any of them, were conclusively Russian in origin. Perhaps one hacking or the other, but not both.

Michael K said...

I keep telling people that, if they want to learn about what hacking is and how hard it can be to find who is doing it, read The Cuckoo's Egg by Cliff Stoll. It's dated but still one of the best accounts of real hacking around.

It's obviously not for the techies but is fun to read.

Christy said...

Am I the only one who sees e-mail from "John Doe" when he is a regular correspondent. John.Doe@agency.gov only shows up when the e-mail is printed (and who prints e-mail?) or if he is not in my address book. Do you think Obama set up his own address book? I easily see why Obama might not have realized Hillary was using her own server.

I'm down with the wisdom of assuming Obama is lying when his mouth is moving, but on this he gets the benefit of doubt from me.

Yancey Ward said...

I am willing to cut the IT guy a break on all but the typo.

Look at it from his point of view- he gets an e-mail/call from Podesta or his aides asking about what to do with a clear example of a phishing expedition. What is he to think about this? He can't know that Podesta hasn't already given away his password information, even if Podesta himself said that he hadn't done so. If I were in his shoes, I wouldn't take Podesta's word at face value, and it gets even worse if you are dealing with aides who clearly also have access to the e-mail account. Prudence would seem to require that he recommend a password reset, and he did include the legitimate web address to do so. I believe him when he said he accidentally omitted the word "not"- I sometimes do that myself when writing comments, or anything else, though such elisions are more likely to occur if I am typing rather than writing longhand.

Anonymous said...

Yancy said... Prudence would seem to require that he recommend a password reset, and he did include the legitimate web address to do so. I believe him when he said he accidentally omitted the word "not"- I sometimes do that myself when writing comments, or anything else, though such elisions are more likely to occur if I am typing rather than writing longhand.

LOL,

Prudent IT guys, lock the acct, immediately walk to the Boss's office, go through the pswd reset while standing there, give him a class of safe practices and go back and check the logs.

Matt Sablan said...

"I'm down with the wisdom of assuming Obama is lying when his mouth is moving, but on this he gets the benefit of doubt from me."

-- If he didn't know about the server, why use a pseudonym when communicating with it?

Peter Metcalfe said...

I kind of think it is more likely that the intended phrase was "This is not a legitimate email" rather than "This is an illegitimate email". In my experience, dropping a negation when typing a sentence happens more often than the rather fantastical three letter typo.

Yancey Ward said...

Drill Sgt,

Yes, perhaps I should have written "minimal prudence". In fact, I meant to write it, but accidentally omitted "minimal".

Christopher B said...

I'm inclined to give the IT guy a break, too.

This sounds like what typically happens to turn a minor annoyance into a major error - somebody misreads or misinterprets some message, overreacts, and Murphy takes over.

I'm betting the IT guy has auto-correct turned on for his emails, and this is why I do my best to avoid having it active anywhere (spell check/suggest is a different animal) because very often you won't notice that it's 'corrected' to a word you didn't want to use. I have a feeling the email was intended to admonish Podesta and his aides to enable the two-factor id at some time but got misinterpreted twice. Number one, that his password had been compromised (it wasn't), and then number two, instead of using the real Google link the one from the phishing email was used.

Yes, hand-holding Podesta or one of his posse through the response would have been the absolute best thing to do but I don't think the IT guy saw this as something that needed immediate action. He recognized it was a phish and didn't indicate that Podesta's account was compromised - yet.

mikee said...

TL;DR: Hacks done got hacked.

Ron Winkleheimer said...

3. Apparently Podesta's ID and pswd were like some STD, everybody in the organization down to the Researchers had access to it? Was it on a sticky not taped to his monitor?

Don't be silly, it was placed under his keyboard, to keep it secure.

It's basic IT security to tell people DO NOT SHARE YOUR PASSWORD. And of course, it's the higher ranking people who do.

Ron Winkleheimer said...

Anyway, if you get an email, from anyone, telling you that you need to reset your password, and it gives you a link to reset that password, don't click on that link. It's a phishing scam.

You heard it hear first.

Michael said...

There exists still a group of oldsters who pride themselves on their lack of technical expertise. These are those who have their assistants print out their emails which they put in folders and read over the weekends and hand annotate and deliver back to the assistants on Mondays with a great sense of being ultra on top of their work. Excepting Hillary, they still cling to their fax machines and filofaxes.

When they do bother to look at their screens they often note that "it" is asking them to do this or that and they give more respect to a pop up than to an email.

These were the people who would have led us

Bill Peschel said...

Static Ping, I wish I could upvote your commentary. It certainly matches my experiences with working with people on their computers (not a techie, just someone who's been working on/with them for far too long).

MikeR said...

Wow: Anne gets a mention on instapundit - as an "Obama voter"! https://pjmedia.com/instapundit/251954/

Birches said...


-- Probably easier to tell hospital administrators and doctors no than the Secretary of State's staff

That was my point. The drs don't care as much as the freaking political aides.

Big Mike said...

In order for the story to be true Delavan had to mistype two words: "a legitimate" versus "aN ILlegitimate" site. Possible, but not altogether plausible.

I agree with Bill Peschel's comment at 9:34 and his endorsement of what Static Ping wrote. Every time you think you've made a system interface foolproof, you wind up with a new appreciation of the level of foolishness among IT users. The company I retired from had its IT staff generate fake phishing messages and send them out to random employees as a supplement to mandatory annual training (BTW "random" included IT staffers too) to see who would bite. Some folks never did learn.

Anonymous said...

This is nonsense on stilts … I have long suspected that the Wikileaks "leaks" were actually provided to Wikileaks by someone other than the Russians.

I have no doubt that the Russians, the Chinese and a whole host of other hackers have been busy probing every source of information they could enter and stealing every secret they could. It's what every government's spy agency does. They probably got into Hillary's server, and read Podesta's e-mails (and many others).

But the Russians, Chinese and other State actors would prefer to keep the information they obtained for purposes of gaining leverage over American officials. It makes no sense to release blackmail information about the person who all the polls showed to be the winner of the Presidential election.

You hold that information until you can find a way of threatening to expose corruption in order to get a better deal at the bargaining table.

So a Wikileaks envoy today claims he personally received Clinton campaign emails in Washington D.C. after they were leaked by 'disgusted' whisteblowers - and not hacked by Russia.

This does NOT mean that the Russians didn't hack into every possible electronic source they could. It simply means that they were not the ones who provided the information to Wikileaks. "The Russians did it" is simply the DNC, the media (but I repeat myself) and the Hillary campaign trying to delegitimize the Trump election.

At this point I believe Wikileaks and not the CIA, the press or the DNC.

Known Unknown said...

Re: Ms. Fischer.

This is what happens when you hire twelve-year-olds.

furious_a said...

Yes. This is a huge screw up that literally lead to your company's email being compromised. I would never hire the guy, and I doubt anyone who takes security seriously will either.

Which, logically, Podessta would have transitioned seamlessly to a senior White House advisory role.

furious_a said...

The more I see the more convinced I am that this country really dodged a bullet on November 8.

Dude, we dodged a farking extinction-level asteroid strike.

Night Owl said...

"The Clinton campaign deserves to be lambasted for its shocking stupidity."

Althouse, a sincere thank you, for your ability to not only see through the fog of propaganda and spot the salient points but also for taking the effort, in this and other recent posts, to shine a spotlight on them.

With hindsight, we can see that the DNC lost the campaign when they chose the incompetent and corrupt Clinton as their candidate. Along with the, as you said, shocking stupidity revealed, wikileaks also revealed just how far the corruption and collusion went in the DNC and MSM's attempt to foist this unlikable candidate onto the American people. I suspect both the DNC and the MSM hope the fog they are creating will obscure these inconvenient facts.

Facts that have already created a big problem for the MSM and their DNC backers: The scary -- especially to them-- reality that The NY Times, WaPo and other MSM outlets are losing their legitimacy and credibility in the eyes of many Americans. In an obviously desperate attempt to mitigate the damage done to their reputations by wikileaks, the propagandists have created the narrative that wikileaks is part of a "crisis" of "fake news" -- even though no one has been able to deny anything the wikileaks revealed.

The DNC propagandists then trot out the mother of all conspiracy theories, that Russian hackers took down (incompetent, unlikable) Hillary. In other words, (as you astutely observed in another post), they are pushing "fake news" in an attempt to regain legitimacy over the other alleged purveyors of "fake news".

Someday, when the ability to write sharp satire returns to our culture, someone will write about the 2016 campaign and its aftermath and it will be hysterically funny. (Do you write comedy by any chance?)

geoffb said...

The supposed phishing email arrived at 4:34 AM on March 19th. The exchange between the IT guy and Podesta's Aide happened at 2:07 PM on the same day with another email between the Aide and another person 7 minutes later.

However the trove of emails "hacked" doesn't stop on the 19th when you would assume that once they'd clicked on the bait they would have realized the error fairly soon and changed his password for real, but continues until the afternoon of the 21st at least. Which says it took a couple days to figure out that they had messed up. Or this is just an excuse they are throwing against the wall to see if it sticks.

One question is that since the IT guy included the real Google link, in plaintext form, in his email response why would anyone go and click on the link in the phishing email since it was not done in plain text but was a "bit.ly" link where you don't know by looking at it what it is sending you to?

Matt Sablan said...

"One question is that since the IT guy included the real Google link, in plaintext form, in his email response why would anyone go and click on the link in the phishing email since it was not done in plain text but was a "bit.ly" link where you don't know by looking at it what it is sending you to?"

--- Podesta is not a very smart man, from all I've seen.

MAJMike said...

Sounded like a vast load of bovine excrement when I first heard the story yesterday. As with a pile of offal, age has not improved its quality.

MAJMike said...

Oh! By the way, notice how the Corrupt Clintonistas aren't denying the truth of the leaked e-mails? They're only upset that the material was published.

Gretchen said...

Spear Phishing is simple enough it doesn't require Russians, tech savvy HS kids can do it according to my programer son, who had a friend who gained access to teacher email and grade books. The high school probably had better security measures than Podesta.

Sammy Finkelman said...

Well, he could also blame it on Autocorrect. Although that still would not account for the misisng "n"

But the whole message doesn't make sense that way. Because if Charles Delavan thought the message was illegimate, he should have told him NOT to change his password, and certainly not ASAP because he then would have been worried as to HOW and WHERE he changed his password. he would have stressed NOT using the link in he email.

He might have said set up two-factor authentication, but to do that slowly and carefully.

Joe said...

Having done unofficial support, when someone tells you about what appears to be a phishing attack, you CALL THEM and tell them to first, quit all their browsers and if they don't quite neatly, have them reboot their computer. Next, clear all browser caches. Do virus and malware scans. Only then, do you start up a browser, perhaps in private mode, and walk them through either changing their passwords on the sites they were on OR deleting their accounts on those sites.

(I'm amazed that financial institutions still include login links in their emails. Even more amazed that people click on them.)

Sammy Finkelman said...

I see Delavan told Slate the New York Times got it wrong. It wasn't taht he meant to type

This is an illegitimate email

He meant to type

This is not a legitimate email

But in any case he rest of the sentence doesn't follow.

Delavan actually said two things>

John needs to change his password immediately

AND

ensure that two-factor authentication is turned on his account.

He gave alink to do both, but Sara Latham was concerned taht if Podesta did that, he could be locked out of his account. She didn't didn't understand he could change his a password there without immediately setting up two-factor authentication.


Segesta said...

So is the purpose of showing Ms. Fischer's photo an example of "cute shaming"? Just because she's a pretty girl, er, handsome woman of Strength and Purpose doesn't mean she's automatically dumb enough to click on a Phishing link.

Unless I'm missing something. Someone straighten me out.

Sammy Finkelman said...

@Gretchen

It was a particular spear-phishing message that apparently was known to be used Russian hackers.

Of course phishing is a method of hacking - in fact it is just about impossible to do any kind of hacking without some form of phishing. The only other thing maybe is hoping somebody plugs in an infected USB drive.



Big Mike said...

This is nonsense on stilts … I have long suspected that the Wikileaks "leaks" were actually provided to Wikileaks by someone other than the Russians.

@kofvingco, your analysis is too logical, and relies on WikiLeaks telling the truth about how they acquired the Emails, including the person who alleges that he personally brought the Emails to Assange. Obviously phony!

Sammy Finkelman said...

geoffb said...

The supposed phishing email arrived at 4:34 AM on March 19th. The exchange between the IT guy and Podesta's Aide happened at 2:07 PM on the same day with another email between the Aide and another person 7 minutes later.

However the trove of emails "hacked" doesn't stop on the 19th when you would assume that once they'd clicked on the bait they would have realized the error fairly soon and changed his password for real, but continues until the afternoon of the 21st at least.


He did change his password for real - the hackers logged on and changed it for him.

They had access to all his email until sometimes in August. It was sent to wikileaks in October (in dribs and drabs making sure there would be many days of news stories)

Sammy Finkelman said...

Among the documents published by Wikileaks, was a thread containing the phishinng e-mail Podesta got - and now I learned that speat=phishing is a particular type of phishing - a personalized phishing e-mail, and this wasn't one.

https://wikileaks.org/podesta-emails/emailid/34899

Well, it could be that he was on a list of e-mail addresses of important Democrats or contacts f someone else who also were on GMail.

Sammy Finkelman said...

Michael McClain said...12/15/16, 4:05 PM

Oh! By the way, notice how the Corrupt Clintonistas aren't denying the truth of the leaked e-mails? They're only upset that the material was published.

Actually they - and especially Podesta - were refusing to confirm it as a matter of policy. But that was a lost cause. I mean listen, some emails were from the very reporters asking about it, or were cofirmed by the other party.

They had to admit anyway somewere genune in order to complain.

Sammy Finkelman said...

What's really peculiar is how the New York Times went with that explanation that the word should have been illegitimate.

Ron Winkleheimer said...

in fact it is just about impossible to do any kind of hacking without some form of phishing.

I beg to differ. There are numerous ways to infect computers with malware without using phishing.

For instance, you can use software, such as wireshark, to scan a network for open ports and try exploits crafted to take advantage of any security vulnerabilities relating to those open ports. This is the reason that you should block ports that aren't being used at your firewall. And, if you are using a real OS (Linux, cough, cough, Linux) you turn the port off on the computer.

But, to tell the truth, I wonder why anyone would even try that any longer since it seems pretty easy to find gullible people willing to click a link which downloads and installs malware.

Sammy Finkelman said...

Original Mike said...12/15/16, 8:22 AM

Are Podesta's emails the same as the DNC emails or were those two separate incursions?

Two separate things, except for the fact that Wikileaks got both of them. The Podesta penetration contnnued longer, I think till August.

Are Podesta's emails the same as the DNC emails or were those two separate incursions?

As for how it happened, the explanation probably is actually that John Podesta did none of the password changing.

Milia Fisher did, and she didn't use the link provided by Charles Delavan. She probably thought that if you used that link, you could only set up two-factor authentication, and since she didn't have access to his phone, and/or because other people logged on to that GMail account and they therefore couldn't use two-factor authentication, went to the bitly link instead.

DavidD said...

Lewis Wetzel said,

"When a person is shot, you don't blame the bullet, you blame the guy who pulled the trigger, even if it was an accident."

Actually, they blame the gun--and all lawful gun owners, by extension.

robother said...

So, the Russkies have now hacked autocorrect! We are so screwed.

Sammy Finkelman said...

The autocorrect explanation (which Rush Limbaugh thought up or brought up in passing yesterday or the day before) doesn't make sense.

Better is Delavan leaving out the word "not" which is the kind of thing that does happen, but then there's the question as to how the New York Times got it wrong.

In any case what folllows does not make too much sense, as e shold have told him (or them) NOT to change their password. Someone here said he might have had the thought that he password had already been changed. But in that case he should have written more.

And the two ideas, changing the password, and getting two factor authentication, should not have been linekd. Because anyone could think, the way CD wrote it, that at that Google link he gave, you needed to set up two factor authentication or you couldn't do anythng. But if you only wasnted to change the password, which he said to do as soon as possible, then he needed to use something else.

Michael said...

I love this story, all the stories about Dem ineptitude with the world wide webs and internets and the hand held gizmos. LOL stuff.

Sammy Finkelman said...

Matthew Sablan said...12/15/16, 12:46 PM

"I'm down with the wisdom of assuming Obama is lying when his mouth is moving, but on this he gets the benefit of doubt from me."

-- If he didn't know about the server, why use a pseudonym when communicating with it?


I would say he didn't know:

1. That she never used a state.gov address, and didn't have one.

2. That her private, non-government email was not provided by some third psrty but was entirely under Clinton management.


Gretchen said...

Sammy,

The Phishing was a change your password type of thing. That would be the first option for anyone trying to break in.

My point is it isn't some complex technical "hack", and if the Russian government was doing it, don't you think they'd use something different?

No matter how you slice it, Hillary lost because she was a bad candidate no one wanted. Hearing how the sausage was made, may or may not have affected the outcome, but who cares, what was presented was truth. Donald assumed his pussy grab conversation was private and the MSM had zero compunction about using it. Certainly he lost votes over it.

Matt Sablan said...

Sammy: Doesn't work. Abedin had to confirm with the White House every time Clinton got a new email address so they could manually add her new address to a list of emails accepted on Obama's device.

Second: If Obama did not know, there'd be no reason for him to use a pseudonym when communicating with her.

Obama knew about her server and, as usual, turned a blind eye to blatant unethical behavior in members of his administration because, for the moment, it was to his benefit.

Zach said...

And of course, simply receiving a phising email is not an "absolutely imperative... ASAP" reason to immediately change your email password and enable dual factor security. The only reason you would do that is if you believed the content -- that the account was compromised, making the email legitimate and *not* a phising attack.

Sammy Finkelman said...

Gretchen said...

Sammy,

The Phishing was a change your password type of thing. That would be the first option for anyone trying to break in.

My point is it isn't some complex technical "hack", and if the Russian government was doing it, don't you think they'd use something different?


That one wasn't a complex hack. The DNC may have been. With Podesta a mass email phishing attack caught him. It's not surprising they'd try the easy things too. It is designed to confuse people as to just when the password was stolen and porobably for taht reason says a log on attempt came from Ukraine. Which is also not Russia.

It's probably tied to Russia because of where it was leaked, technical analysis of the leaked files, or because of where that exact same phishing message was used.

Sammy Finkelman said...

Matthew Sablan said...

Sammy: Doesn't work. Abedin had to confirm with the White House every time Clinton got a new email address so they could manually add her new address to a list of emails accepted on Obama's device.

Second: If Obama did not know, there'd be no reason for him to use a pseudonym when communicating with her.


He knew it was a private e-mail address, just not that she owned teh server. I don't think he knew she didn't have any other. For one thingh, she made efforts to fool people, copying mail to a state.gov address.

https://www.washingtonpost.com/news/post-politics/wp/2015/03/10/transcript-hillary-clinton-addresses-e-mails-iran/?utm_term=.d2cb9b9e871f

Now, there are different rules governing the White House than there are governing the rest of the executive branch, and in order to address the requirements I was under, I did exactly what I have said. I emailed two people, and I not only knew, I expected that then to be captured in the State Department or any other government agency that I was emailing to at a .gov account.

That gobbledegook means, I think, that she cc it to a state.gov address which she led people to believe was hers.

He used a pseudonym either because he was asked to, or as an extra layer of security. Just in case anybody got into the system, they wouldn't know it was him without carefully reading all the messages. One reason for private communications might have been that it wasn't supposed to be government business, but maybe politics.