At 7:51 p.m. on Wednesday night, Democratic National Committee chair Donna Brazile got an odd email from the Gmail account of Clinton campaign chair John Podesta. “We have a problem,” read the subject line.
“Donna, some of our less than reliable media people are starting to privately question the Russian hack story we’ve been feeding them about these emails that [WikiLeaks founder Julian] Assange keeps leaking,” it read, according to a copy of the email Brazile shared with Yahoo News. It went on to say “HRC wants us to come up with a backup story to keep them guessing until we get to E-day in case we need to use it.”
The email was unlike any Podesta would actually write — and for good reason. It was fake. He wrote no such missive, says a Clinton campaign official. But the message, using a cloned version of Podesta’s real Gmail address, was a vivid example of the mischief Russian hackers — and WikiLeaks — have unleashed by dumping thousands of stolen emails into the public domain, say Democratic party officials and cybersecurity experts.
“This is part of the disinformation campaign,” said Brazile, who quickly alerted the DNC’s cybersecurity officials so they could try to trace the email to its original source. So far, they haven’t cracked the case. But party and Clinton campaign officials are increasingly on guard for similar phony messages. In one case, party officials tell Yahoo News, a malicious unidentified spoofer replicated the email address of the DNC’s press secretary and sent the New York Times a phony op-ed from Tim Kaine. “We’re a political party operating under tremendous stress,” said Brazile.
The Clinton campaign on Friday ramped up its efforts to put a spotlight on Russia’s role in the cyberattacks on the DNC and other party organizations, arranging a conference call led by former acting CIA director Michael Morell. He said the hacks were “a direct assault on our democracy” and called on Donald Trump to condemn them.
But in fact, there is no indication the phony Podesta message was the work of Russian state-sponsored hackers, say cybersecurity experts. It’s far more likely it was sent by cyberspoofers using relatively accessible Internet tools to replicate an email address, using or installing an SMTP (Simple Mail Transfer Protocol) email server. In the case of the Podesta email, the spoofer also used a separate “reply to” email service — a sort of throwaway inbox to weed out junk email — presumably so that Podesta would have been completely unwitting if Brazile had actually responded.
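A recipient-side check for the pattern described above, as an added example that is not part of the original article: it flags a "reply to" address that points away from the displayed sender and, going beyond what the article covers, reads the SPF/DKIM/DMARC verdicts a receiving mail server records in the Authentication-Results header. The sample message, its addresses and its domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the real email): every address, domain and
# header value below is invented for illustration.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=relay.example; dkim=none; dmarc=fail header.from=campaign.example
From: "Campaign Chair" <chair@campaign.example>
Reply-To: <x7f3@throwaway-inbox.example>
To: <committee.chair@party.example>
Subject: We have a problem

body
"""

def domain_of(header_value):
    """Return the lower-cased domain of the first address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rpartition("@")[2].lower() or None

def spoof_indicators(raw_message):
    """List the reasons a message's claimed sender should not be trusted."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if from_dom is None:
        findings.append("missing or unparseable From address")
    # A reply would be delivered somewhere other than the displayed sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving server (RFC 8601 header), if present.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()))
    for method in ("spf", "dkim", "dmarc"):
        if method not in results:
            findings.append(f"no {method} result recorded")
        elif results[method] != "pass":
            findings.append(f"{method}={results[method]}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print(finding)
```

Only an Authentication-Results header stamped by your own receiving server is meaningful; a copy that arrived with the message can be written by the sender.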
“It could really be anybody,” said Rich Barger, chief intelligence officer of ThreatConnect, a cybersecurity firm that has closely studied the Russian hacks. “It could be a 400-pound hacker in his mother’s basement,” he added in an allusion to Trump’s own quip during the first presidential debate last month.
What the Russians — with their presumed co-conspirators at WikiLeaks and other websites such as DCLeaks.com and Guccifer 2.0 — apparently did do is make the process a whole lot easier by publicizing Podesta’s private Gmail account — and those of scores of other Democratic party officials and operatives. The spoofers “didn’t have to do the hard work of trying to sniff out the email addresses,” said Barger.
The first indication of the problem came two months ago, shortly after the Democratic convention in Philadelphia and the initial WikiLeaks dump of DNC emails. On Aug. 2, at 5:43 a.m., New York Times reporter Yamiche Alcindor got a chatty email from the DNC address of Mark Paustenbach, the DNC’s press secretary. “Hi Yamiche,” it began. “Long story short … Tim Kaine wants to submit an Opted [sic] and get it in ASAP.” It added that Brazile would be sending “the final draft” shortly. Alcindor responded later that morning. “Hey Mark, I’m just seeing this. I’ll email my editors right now and get back to you.” (A Times spokeswoman confirmed that Alcindor got the email from Paustenbach’s address.)
The response from the Times reporter surprised Paustenbach, who immediately alerted DNC security, noting that the language in the original message “is clearly not mine.” Later, a proposed op-ed under Kaine’s byline was sent from Brazile’s address to Alcindor. The content was preposterous. (“When it comes to selecting a future Vice President, it’s almost a tradition to pick someone that helps make you as the presidential candidate look better,” it read. “It’s like when you go to a club, and you see those hot girls next to their boring ugly friends. I’m the boring ugly friend. I’m the one that doesn’t get drugged at the bar, because no one wants to touch me with a fifty-foot pole.”)
The Times, of course, never ran the phony op-ed. But the DNC was on notice that they had become sitting ducks for Internet trolls.