So you get an email that says you need to reset your password because someone in Ukraine is attempting to access it and so you should click on an included link. If you’ve noticed the regularity with which phishing scams rope people in, maybe you pump the brakes. Forward that email to your IT department and they confirm—it’s official. You click the link. Your due diligence done, you proceed as advised.

John Podesta, chief of staff to President Bill Clinton, counselor to President Obama, and current chairman of the Clinton campaign, did just that. Since the public learned about the initial hack, the method of attack has been determined. In a bit of a flourish and at odds with their usual methods, the Russian hackers released the email chain showing the targeting of Podesta and the response from his IT department.

Podesta was one of 20 Clinton staffers who fell victim to the phishing, according to Dell SecureWorks, an Atlanta-based security firm. Whether any other staffers notified IT of the attempts is unclear.

In June, SecureWorks disclosed that among those whose email accounts had been targeted were staff members who advised Mrs. Clinton on policy and managed her travel, communications and campaign finances.” –NYT

SecureWorks also disclosed that they believed the hackers to be Russian GRU (military intelligence service), and that they had targeted over 100 email addresses associated with the Clinton campaign.

Some key takeaways from this so far:

  • Clinton’s campaign IT personnel were lacking. This should not be a surprise, as the Clintonmail IT guy likely sought advice for deleting emails from Reddit.
  • As one might guess, the seriousness with which the Clinton campaign takes cyber security is a direct reflection of the seriousness with which Clinton’s inner-circle in the State Department took cyber security, as both are comprised of some of the same people. Side note: Romanian hacker Guccifer successfully hacked Clinton operative Sydney Blumenthal and claimed to have penetrated the Clintonmail server. Podesta’s email was set up via Gmail, not Clintonmail.

The idea that Russia is attempting to sway the election with an October surprise in leaked emails begins to hold more water as investigators reveal more links to Russian hackers—not just the GRU, but the FSB as well. The potential for there to be more emails released in the days approaching the election remains high, with many breaches in security, including Clinton staffers who lost a laptop and thumb drive set up specifically to archive emails, and former Clinton State Department Chief of Staff Cheryl Mills losing her Blackberry with Clintonmail content in 2010.

Featured image courtesy of New York Times.