A report by CNN’s Jake Tapper about a self-described “email prankster” who successfully tricked White House officials and members of President Trump’s family into responding highlights just how easy it is to fool highly influential individuals online.
The episode raises questions about the narrative that alleged Russia interference in the 2016 presidential campaign included the breach of the Gmail account of Hillary Clinton’s campaign chairman, John Podesta. Podesta reportedly fell for a simple spear-phishing email that asked him to change his Gmail password, thus purportedly providing an outside actor access to his emails.
In the case spotlighted by Tapper, an individual described as an “email prankster” in the UK was able to fool Trump administration officials, demonstrating the simplicity of such a feat and showing how virtually anyone with creativity and knowhow could have been behind the breach of Podesta’s email account reportedly via a general spear-phishing campaign.
On his Twitter account, the “email prankster” claims that he engaged in online hijinks as a hobby, and that he did a stint in rehab three months ago. “I was in rehab 3 months ago,” he writes. “Just goes to show. Follow your calling even if it seems utterly mental and unconventional. Life is fun at times.”
I was in rehab 3 months ago. Just goes to show. Follow your calling even if it seems utterly mental and unconventional. Life is fun at times
— EMAIL PRANKSTER™ (@SINON_REBORN) August 1, 2017
Tapper’s report states the following people were duped by the “email prankster:”
- Homeland Security Adviser Tom Bossert, who allegedly provided a private email address when the prankster posed as Trump adviser Jared Kushner.
- Ousted White House Communications Director Anthony Scaramucci, who was said to have replied to a fake email from the prankster posing as then-White House Chief of Staff Reince Priebus.
- Eric Trump, who responded when the prankster posed as his older brother, Donald Trump Jr.
Tapper’s CNN story cites cyber experts explaining how common spear-phishing is, and how powerful people fall victim:
Cyber experts consulted by CNN say the incidents are illustrative of how vulnerable Americans — even those in the highest reaches of power — remain to the potential threat of spear-phishing, the process through which officials are duped by hackers, and expose government computers and systems to various cyber threats. …
“This shows how susceptible government officials are to spear-phishing in general,” Adam Malone, a former cyber specialist and special agent for the FBI, told CNN. “Spear-phishing is the most common technique used by hackers to gain access to their victims. This information shines a light on how easy it is for people to build trust with unverified individuals.”
In one sentence, the story mentions Podesta: “Former Hillary Clinton campaign chair John Podesta infamously fell victim to such a trap, though the person who preyed on him had more nefarious intentions than mockery.”
While the spear-phishing cases in Tapper’s report had White House officials and Trump family members responding – and one official even provided his private email address – no one seems to have been asked to provide access to or change email passwords. Like those in Trump’s orbit duped by the prankster, Podesta reportedly also trusted a spear-phishing email. In Podesta’s case, however, he was reportedly duped into changing his password.
The breach of Podesta’s Gmail account was notably absent from the January 6, 2017 report by three U.S. intelligence agencies assessing alleged Russian interference in last year’s presidential election.
The report does say that Russia started a spear-phishing campaign after last November’s election:
Immediately after Election Day, we assess Russian intelligence began a spear-phishing campaign targeting US Government employees and individuals associated with US think tanks and NGOs in national security, defense and foreign policy fields.
Despite the lack of evidence, CNN has repeatedly reported that Russia “hacked” Podesta’s Gmail account.
The breach is included in CNN’s online library overview of incidents tied to accusations that the “Russian government meddled in the election.”
A CNN article last month states as fact that Russia “hacked” Podesta’s email: “The Russian hack of Podesta’s emails played a pivotal role in the election, as WikiLeaks released tens of thousands of his emails one day at a time during last year’s presidential campaign.”
Ironically, a CNN story showing how a simple spear-phishing effort breached Podesta’s Gmail account claims in the headline that Russia was behind the breach. This despite how common such spear-phishing emails are. “How one typo helped let Russian hackers in,” was the title of the article.
That CNN story relates:
The email that would help Democrats lose the 2016 presidential election arrived on March 19, 2016, signed — seemingly harmlessly — “Best, the Gmail team.” The email was sent to John Podesta, the then-chairman of Hillary Clinton’s presidential campaign. But it wasn’t a benign message; it was actually a spear-phishing email authored by hackers with ties to Russia.
“There was a Google alert that there was some compromise in the system,” Podesta told CNN of the email, which prompted Podesta to change his password “immediately” by clicking on a link.
“It actually got managed by my assistant, who checked with our cybersecurity guy,” Podesta said. “And through a comedy of errors, I guess, he instructed her to go ahead and click on it and she did.”
Podesta’s main error, according to the CNN report, which cited Podesta himself, was that the campaign’s IT worker replied that the spear-phishing email asking for a password change was “legitimate” when the worker meant to reply that the email was “illegitimate.”
The CNN story says the Russian “hacking” began in earnest when the Democratic National Committee (DNC) discovered in April 2016 that its computers had been breached.
In January testimony before the Senate Intelligence Committee, then-FBI Director James Comey confirmed that the FBI registered “multiple requests at different levels” to review the DNC’s hacked servers. Ultimately, the DNC and FBI came to an agreement in which a “highly respected private company” – the outside firm Crowdstrike – would carry out forensics on the servers and share any information that it discovered with the FBI, Comey testified.
A senior law enforcement official stressed the importance of the FBI gaining direct access to the servers, a request that was denied by the DNC.
“The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated,” the official was quoted by the news media as saying.
“This left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.”
Comey’s statement about a “highly respected private company” gaining access to the DNC servers was a reference to CrowdStrike, the third-party company ultimately relied upon by the FBI to make its assessment about alleged Russian hacking into the DNC.
As this reporter documented, CrowdStrike was financed to the tune of $100 million from a funding drive last year led by Google Capital.
Google Capital, which now goes by the name of CapitalG, is an arm of Alphabet Inc., Google’s parent company. Eric Schmidt, the chairman of Alphabet, has been a staunch and active supporter of Hillary Clinton and is a longtime donor to the Democratic Party.
CrowdStrike is a California-based cybersecurity technology company co-founded by experts George Kurtz and Dmitri Alperovitch.
Alperovitch is a nonresident senior fellow of the Cyber Statecraft Initiative at the Atlantic Council. The Council takes a hawkish approach toward Russia and has released numerous reports and briefs about Russian aggression.
The Council is funded by the Rockefeller Brothers Fund, Inc, the U.S. State Department and NATO ACT.
Another Council funder is the Ploughshares Fund, which in turn has received financing from billionaire George Soros’ Open Society Foundations.
Aaron Klein is Breitbart’s Jerusalem bureau chief and senior investigative reporter. He is a New York Times bestselling author and hosts the popular weekend talk radio program, “Aaron Klein Investigative Radio.” Follow him on Twitter @AaronKleinShow. Follow him on Facebook
This article was written with additional research by Joshua Klein.