Clinton Campaign Sent Fake Phishing Emails to Its Own Staff

These security training efforts help explain why the campaign itself wasn’t hacked as associates were.

Hillary Clinton campaign manager Robby Mook.Brian Snyder/Zuma

For indispensable reporting on the coronavirus crisis, the election, and more, subscribe to the Mother Jones Daily newsletter.


Hillary Clinton’s run for the White House will be remembered for many things, but information security isn’t likely to be one of them. Her campaign was buffeted by two major hacking episodes. First, the contents of Democratic National Committee servers were stolen and disseminated through WikiLeaks and other news organizations. Then campaign chairman John Podesta had his personal email account hacked and its contents passed to WikiLeaks, which subsequently released the 50,000-email set in chunks over a period of weeks as the presidential election reached fever pitch. The US government’s intelligence community went on to assert that the hacks had been orchestrated at the behest of the Russian government as a deliberate attempt to hurt Clinton’s chances and boost Donald Trump.

But Robby Mook, the Clinton campaign manager, said this week that the hacks didn’t hit the campaign itself, and that’s because the campaign conducted regular security training for staffers, including sending them fake phishing emails to see how they’d be handled.

“We sent out phishing emails of our own to test people and communicate back to team to see how far they were clicking, to educate people, and show their vulnerability and how much their choices matter,” Mook told Dark Reading, a cybersecurity news website, while attending an information security conference in San Francisco.

Mook said there were at least three phishing tests sent out to staffers, and there were also regular emails sent to staff preaching good IT practices. There were signs in the bathrooms “about not sharing passwords and ‘Don’t clink that link, stop and think,'” Mook said.

The Dark Reading piece doesn’t address when the training took place or whether Podesta and his aides were involved. Podesta and Mook did not respond to requests for comment about the IT training during the campaign.

A phishing attack is an attempt to trick a victim into giving up personal information, including logins for email accounts, bank accounts, and other sensitive information. In Podesta’s case, hackers sent a phony warning from Google alerting him that his Gmail password needed to be reset. According to the New York Times, a campaign IT staffer inadvertently advised Podesta and his aides that the warning was legitimate. By using the fake password reset page, Podesta gave the hackers access to his Gmail account and years’ worth of political communications that eventually found their way to WikiLeaks via the Russian operation, according to the US government.

SIX TRUTHS

Reclaiming power from those who abuse it often starts with telling the truth. And in "This Is How Authoritarians Get Defeated," MoJo's Monika Bauerlein unpacks six truths to remember during the homestretch of an election where democracy, truth, and decency are on the line.

Truth #1: The chaos is the point.

Truth #2: Team Reality is bigger than it seems.

Truth #3: Facebook owns this.

Truth #4: When we go to work, we're in the fight.

Truth #5: It's about minority rule.

Truth #6: The only thing that can save us is…us.

Please take a moment to see how all these truths add up, because what happens in the weeks and months ahead will reverberate for at least a generation and we better be prepared.

And if you think journalism like Mother Jones'—that calls it like it is, that will never acquiesce to power, that looks where others don't—can help guide us through this historic, high-stakes moment, and you're able to right now, please help us reach our $350,000 goal by October 31 with a donation today. It's all hands on deck for democracy.

payment methods

SIX TRUTHS

Reclaiming power from those who abuse it often starts with telling the truth. And in "This Is How Authoritarians Get Defeated," MoJo's Monika Bauerlein unpacks six truths to remember during the homestretch of an election where democracy, truth, and decency are on the line.

Truth #1: The chaos is the point.

Truth #2: Team Reality is bigger than it seems.

Truth #3: Facebook owns this.

Truth #4: When we go to work, we're in the fight.

Truth #5: It's about minority rule.

Truth #6: The only thing that can save us is…us.

Please take a moment to see how all these truths add up, because what happens in the weeks and months ahead will reverberate for at least a generation and we better be prepared.

And if you think journalism like Mother Jones'—that calls it like it is, that will never acquiesce to power, that looks where others don't—can help guide us through this historic, high-stakes moment, and you're able to right now, please help us reach our $350,000 goal by October 31 with a donation today. It's all hands on deck for democracy.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate