John Podesta talks email hack, fake news and Russia

Until October, John Podesta was most known as a diehard Democratic campaigner who worked in the White House under Bill Clinton and served as the chairman of Hillary Clinton’s presidential campaign.

But after WikiLeaks began publishing a trove of Podesta’s emails in the final month before the 2016 election, Podesta became perhaps the most widely recognized victim of hacking. U.S. intelligence agencies have assessed that Russia stole Podesta’s emails — which contained everything from his risotto recipe to transcripts of Clinton’s private Wall Street speeches — and leaked them in an effort to tip the election in favor of President Trump.

Podesta reflected on the hack and its aftermath at the NewCo Shift Forum today, along with Shawn Henry, the president of the cybersecurity firm that investigated the DNC hacks, and Marc Elias, an attorney who worked as general counsel to the Clinton campaign. Podesta called out the FBI and WikiLeaks for damaging the campaign and issued a warning to tech and the media about the rise of fake news.

“I think to this day it’s inexplicable that they were so casual about the investigation of the Russian penetration of the DNC emails. They didn’t even bother to send an agent to the DNC; they left a couple of messages at the IT help desk saying, ‘You might want to be careful,’” Podesta said. “There are at least forces within the FBI that wanted her to lose.”

Henry, the president of CrowdStrike and a former executive assistant director at the FBI, also questioned the Bureau’s reaction to the hacks that plagued the Clinton campaign. Henry recalled personally notifying the Obama and McCain campaigns about breaches that occurred in the run-up to the 2008 election. 

It wasn’t just that they didn’t like Hillary Clinton’s pantsuit, it was that Putin had a vendetta about her.

— John Podesta

“Obviously the DNC should have been at the top of the list in terms of prioritization. The agents engaged there didn’t seem to recognize it for what it was. I believe they didn’t pay enough attention to the severity of the attack, what was being targeted by whom, and what the results might be,” Henry said. “There has to be a sense of urgency. If you don’t see an attack on the election system as a threat to our national security … then you’re in the wrong country.”

CrowdStrike investigated the DNC breach and attributed it to Russia in June, long before the intelligence community released its own attribution and before BuzzFeed published unverified allegations that the Trump campaign colluded with Russian intelligence to orchestrate the hacks.

The allegations have had little meaningful impact on Trump so far. Trump has been able to leverage fears about election hacking to suit his own agenda, Elias claimed. “Efforts to crack down on voting and make voting harder — it’s open season,” Elias noted. “I think what Trump is doing now is signaling the next stage: not just to cut down on convenience voting but to have the states be much more aggressive in the registration process.”

TechCrunch caught up with Podesta after the panel discussion to learn more about his experience with Russian hackers and what political campaigns need to do to step up their cybersecurity.

TechCrunch: When did you know your account was compromised? You were hacked in March but these emails didn’t start coming out until October. Did you know in between then that this was a possibility?

Podesta: In the summer, when the DNC hack documents started coming out, there was a document in that release that didn’t seem like it would have made its way to the DNC and may have come from my email account. So at least the possibility I’d been hacked rose during the course of the summer. In August, [Trump adviser] Roger Stone started pointing to WikiLeaks and pointing to me. So that seemed to be the second indicator that they at least had something, but it wasn’t until October 7th that the full extent of the loss was known to me and our team.

Hours after the leak started, you tweeted that you were attributing your hack to Russia. Did you already feel confident that was the case? 

Our tech people might know the answer to this, but I think we had a strong suspicion that this was going on. Other people’s emails had been compromised. They had done the forensics on those. So I think we knew that, and Shawn talked about this, that there were two different incursions into the DNC but the GRU, the Fancy Bear side of this, was active in going after personal emails.

A lot of the people I’ve talked to who have had their emails leaked are victims of doxing, and they go into hiding. But when you’re in the final month of a campaign, you can’t just hunker down — 

Put a bag over your head?

Yeah. How did you deal with it personally?

I was in the public eye, I was doing media. I had to answer to some of the specific questions that were being raised. Marc Elias raised this point on the panel, which was that my emails themselves weren’t all that sexy. So I was able to go out and put them in context and talk about them. In the final month of a campaign, you’ve just got to be in overdrive. So you can’t even take the time to feel the pain. You’ve just got to move forward. I noted the things that — hurtful things happened to people, including my own family, that obviously I paid attention to and cared about. But for the most part, it was just, ‘What did they put out today? What are we going to do about it?’ Try to knock down stories as best we could. Try to put the context of the fact that this was a foreign power directly interfering in our election in context. Get that story out.

I think we still needed to try to press the case and give the public a sense of what was happening, what the stakes were, and why. It wasn’t just that they didn’t like Hillary Clinton’s pantsuit, it was that Putin had a vendetta about her and her tenure as Secretary of State. But mostly it was about Trump having adopted positions that were extraordinarily friendly to Putin and strongly at odds with a bipartisan collection of national security officials and people overseas.

How do you think this changes the way a campaign needs to be run? Everyone’s freaking out about the risk of being targeted by an adversary that you’re wholly unprepared to deal with. 

I think there’s two aspects to that. One is the technical protection of your communications. The use of greater encryption, the sensitivity. I thought I was pretty sensitive. And I did learn one thing from this, which was a bitter experience. I just didn’t realize how much I had archived on Google. I’m fairly sophisticated, but it just was not in my consciousness how much, including in the delete folder, was still there. I should have known that. I should have thought about, on my personal email account, what my retention policy is. We have one in the campaign. But I didn’t and I bet you a lot of people don’t. They rely on the default and they don’t realize the retention risk, just the sheer volume of what’s there. 

The Russians have to feel empowered by what happened. This is probably the best money they ever spent.

— John Podesta

There’s a separate issue that floats through all this which is different, but also deployed by Russians and their actors, which is the fake news story. How one combats that, is able to put that genie back in the bottle, is going to be a big challenge for campaigns going forward. And you see that playing out not just in the U.S. but in other democratic elections. It’s just very hard. It’s easy to get mainstream media to say, ‘This is out there; it’s not true.’ That does not stop the spread of it. I think that the platforms have some responsibility to try to think about what solutions look like in that space. Are they creating technical tools and strategies that actually enhance fake news at the expense of real news? I think that was part of what was going on with Facebook. The way news was being delivered to the News Feed actually elevated fake news and suppressed the stuff that was debunking it.

But I think that’s an extraordinarily difficult problem, with a president for whom nothing is real. It is a context which authoritarians have been able to exploit. Ripping apart of basic reality — that’s what Putin’s done in Russia, that’s the way media channels work in Russia.

Is that a conversation you’re having with companies now? What are you telling them? 

I think it’s mostly, “You’ve got to fix this.” If InfoWars went ‘poof’ tomorrow, I’m not sure things would be all that different — although I wish that they would go ‘poof’ tomorrow. The normal inclination to support First Amendment values, to not be censors, to support a robust conversation which leads to good democratic outcomes, is really upended by this. I’m not sure you can solve the problem, but at least mitigate the problem.

You were talking about feeling more sophisticated with your security. I’m curious about what measures you were taking. Because in the security community, I hear people say, “His password was just ‘password’ or ‘runner4567’ and it should’ve been better, he should have used 2 factor.” 

But that’s sort of blaming the victim. That’s not particularly useful in this context and it’s kind of an excuse on that side. Look, as I said, I feel like I’m sensitive at least. And I’ve enhanced the technical security side of my life, but I guess I had a false sense of protection. I’m used to a lot of this and repelled a lot of it. That was naive I guess. I also feel like, this was pretty odd in that I never touched the keyboard. I had people who had access to my email, they checked with the security people, the security people told them to take a step they shouldn’t have taken.

If I knew there’d be a leak, I probably would have put [the Wall Street speeches] out earlier.

— John Podesta

So you don’t think it was you that clicked the phishing link?

No. And they checked, and were given bad information. Woulda coulda shoulda. I don’t think it was an issue of what the strength of my password was. Although I now have stronger passwords.

Did you feel any sense of vindication when BuzzFeed published the dossier on Trump, after having your personal information dragged through the mud? 

If I had a sense of vindication, it was not about tit for tat from my perspective. It was the frustration that our campaign had with getting real news sources to really push and look at — maybe not the most salacious issues that were in the report. Everyone was focused on the sex.

The golden shower was the thing that trended on Twitter. 

Link :

Leave a Reply

Your email address will not be published. Required fields are marked *