This has not been an especially ennobling election. Or a rewarding one. Or even entertaining. Pretty much everything about 2016 has been boorish and grotesque. But finally it is time to laugh.
Ladies and gentlemen, I present the Clinton IT department.
Over the weekend we finally found out how Clinton campaign honcho John Podesta’s emails were hacked. But first a couple disclaimers:
1) Yes, it’s unpleasant to munch on the fruit of the poisoned tree. But this isn’t a court of law and you can’t just ignore information that’s dragged into the public domain.
2) We’re all vulnerable to hackers. Even if you’re a security nut who uses VPNs and special email encryption protocols, you can be hacked. The only real security is the anonymity of the herd. Once a hacker targets you, specifically, you’re toast.
I’m a pretty tech-savvy guy and if the Chinese decided to hack my emails tonight, you’d have everything I’ve ever written posted to Wikileaks before the sun was up tomorrow.
But that is … not John Podesta’s situation.
What happened was this: On March 19, Podesta got what looked–kind of, sort of–like an email from Google’s Gmail team. The email claimed that someone from the Ukraine had tried to hack into Podesta’s Gmail account and that he needed to change his password immediately.
This is what’s called a “phishing” scam, where hackers send legitimate-looking emails that, when you click on the links inside them, actually take you someplace dangerous. In Podesta’s case, there was a link that the email told him to click in order to change his password.
This was not an especially good bit of phishing. Go have a look yourself. The email calls Podesta by his first name. It uses bit.ly as a link shortener. Heck, the subject line is the preposterous “*someone has your password*”. Why would Google say “someone has your password?” They wouldn’t. They’d say that there had been log-in attempts that failed two-step authentication, maybe. Or that the account had been compromised, perhaps. If you’ve spent any time using email over the last decade, you know exactly how these account security emails are worded.
And what’s more, you know that you never click on the link in the email. If you get a notice from your email provider or your bank or anyone who holds sensitive information of yours saying that your account has been compromised, you leave the email, open your web browser, type in the URL of the website, and then manually open your account information. Again, let me emphasize: You never click on the link in the email!
But what makes this story so priceless isn’t that John Podesta got fooled by an fourth-rate phishing scam. After all, he’s just the guy who’s going to be running Hillary Clinton’s administration. What does he know about tech? And Podesta, to his credit, knew what he didn’t know: He emailed the Clinton IT help desk and said, Hey, is this email legit?
And the Clinton tech team’s response was: Hell yes!
No, really. Here’s what they said: One member of the team responded to Podesta by saying “The gmail one is REAL.” Another answered by saying “This is a legitimate email. John needs to change his password immediately.”
It’s like the Clinton IT department is run by 90-year-old grandmothers. I half-expect the next Wikileaks dump to have an email from one Clinton techie to another asking for help setting their VCR clock.
As the other guy likes to say, “only the best people.”
