Podesta’s email hack hinged on a very unfortunate typo

An extensive New York Times report on this summer’s catastrophic email hack of the Democratic National Committee has turned up a very embarrassing detail about how the attack took place. It was reported at the time that Clinton campaign manager John Podesta fell victim to a phishing scheme — specifically a fake “account reset” appearing to be from Google — but it now seems that a typo from one of Podesta’s aides may have played a crucial role in ensuring that email’s success.

When the phishing email first arrived, Podesta referred it to a number of aides. An aide named Charles Delavan replied, “This is a legitimate email. John needs to change his password immediately.” But according to the Times report, that email was a simple flub — at least according to the aide in question. Delavan says he knew the email was a fraud, based on similar phishing attempts that had been spotted and blocked. He had meant to write “illegitimate email,” and simply mistyped. On that recommendation, the email was opened and the account was compromised, resulting in the publication of Podesta’s archive. Unaffiliated trolls subsequently used information from the emails to compromise Podesta’s iCloud account and remotely wipe his iPhone and iPad.

The result has to be one of the more consequential typos of the year. According to the Times, it’s an error that “has plagued [Delavan] ever since.”

The CIA recently attributed the attack to a direct Russian effort to favor Donald Trump. In October, the Office of the Director of National Intelligence made a similar attribution, writing that “only Russia’s senior-most officials could have authorized these activities.”

President-elect Trump has continued to deny Russian involvement. “It could be Russia,” he said in an interview with Time last week. “And it could be China. And it could be some guy in his home in New Jersey.”