Wikileaks: Hillary IT Team Deemed Phishing Attempt ‘Legitimate’

PHILADELPHIA, PA - JULY 25: on the first day of the Democratic National Convention at the Wells Fargo Center, July 25, 2016 in Philadelphia, Pennsylvania. An estimated 50,000 people are expected in Philadelphia, including hundreds of protesters and members of the media. The four-day Democratic National Convention kicked off July …

The Hillary Clinton campaign team believed an email claiming that someone had logged into campaign chairman John Podesta’s email account from Ukraine was “legitimate,” and demanded Podesta’s team switch passwords immediately.

On March 19, 2016, an email appearing to come from Google notified the Clinton IT team of an alleged entry into Podesta’s email account, using his own password, from an address in Ukraine.

“Google stopped this sign-in attempt. You should change your password immediately,” the email, released by the organization Wikileaks this Friday, read. It suggested clicking a link to change passwords. That link currently leads to a warning page:

Wikileaks Podesta email link March 19, 2016

The website, which systematically documents the history of internet web pages, does not appear to have any screen captures showing what the page would have looked like on March 19, 2016.

The rest of the email thread appears to show individuals in the Clinton campaign attempting to reach Podesta and convince him of both the legitimacy of the email and the urgency of his need to change the password.

“This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account,” Charles Delavan, a member of Clinton’s campaign IT team, emails. He sends a link to a verified Google page that would allow for enabling two-factor authentication. The link Delavan sends is the proper link to

The responsibility of securing Podesta’s account ultimately falls to Milia Fisher, a special assistant to the campaign chairman. “The gmail one is REAL… Milia, can you change – does JDP have the 2 step verification or do we need to do with him on the phone? Don’t want to lock him out of his in box!” writes Clinton campaign Chief of Staff Sara Latham.

Wikileaks ultimately published tens of thousands of emails from Podesta’s account. There is no evidence yet connecting this attempted entry into his account with the ultimate delivery of these emails to Wikileaks.

Vice suggests that original email in this sequence “came from a group of hackers that security researchers, as well as the US government, believe are spies working for the Russian government.” The publication identifies the hacking collective as “Fancy Bear, APT28, or Sofacy.”

The release of this email does not provide any evidence that the campaign staffers clicked the original link, however, as they could have also clicked the legitimate Google link that Delavan sent their way.

The Clinton campaign has repeatedly accused the Russian government of orchestrating the hacking and using Wikileaks to publish the potentially embarrassing information in Podesta’s emails. Hillary Clinton personally said in September there was “no doubt in my mind” that Russian President Vladimir Putin was orchestrating operations meant to manipulate the results of the 2016 presidential election.

“Every American should be concerned about Russia doing anything to try to tilt and influence our election,” she argued on ABC last month.

In addition to the Clinton campaign chairman’s account, earlier this year the Democratic National Committee revealed their computers had also been hacked. These hackings raised further questions regarding the use of a private, unsecured server by Clinton during her tenure as Secretary of State.

Previously released Wikileaks emails revealed that Clinton was aware of the fact that hackers were regularly attempting to break into her email account. Clinton admitted as much in a 2014 speech, where she claimed the State Department was receiving cyberattacks “every hour, more than once an hour.”