The email accounts of at least 109 Hillary Clinton staffers were targeted by Russian military hackers last year, a cybersecurity expert told lawmakers Thursday. During a Senate intelligence committee hearing on Russian meddling in the 2016 US presidential election, Thomas Rid, a professor at King’s College in London, laid out the extraordinary efforts undertaken by the Russian military intelligence agency known as GRU to target the Clinton camp:
In early March, GRU began to train its well-established, semi-automated targeting tools from worldwide military and diplomatic targets to US political targets. Between 10 March and 7 April, GRU targeted at least 109 Clinton campaign staffers with 214 individual phishing emails (with eight more attempts on 12 and 13 May). [Thirty six] times Clinton staffers clicked a malicious link (the success rate of actually breaching the account after a victim clicked this link is 1-in-7). Russian intelligence targeted Jake Sullivan in at least 14 different attempts beginning on 19 March, each time with a different malicious link against two of his email addresses. GRU targeted Hillary Clinton’s personal email account at least two times in March, but the available data show that she did not fall for the password reset trick. The military intelligence agency also targeted DNC staffers with 16 emails between 15 March and 11 April, and 3 DNC staffers were tricked into clicking the treacherous “reset password” button on 6 April 2016.
This is an interesting bit of information from Rid, a cybersecurity expert and researcher who has studied and written extensively about what happened to the Democrats in 2016. After the hearing, Rid told Mother Jones’ David Corn that the level of detail he offered to the Senate panel Thursday was new. It was an expansion of the research performed by Dell SecureWorks in June 2016, which studied Bitly links that were sent to hundreds of people associated with the Democratic National Committee or the Clinton campaign (as well as to thousands of other Gmail accounts in Russia, former Russian states, the United States, and Europe).
Given that a typo in an email may have led to John Podesta’s personal Gmail account getting compromised and years of his emails ending up on WikiLeaks, it’s interesting to note that Clinton herself apparently didn’t fall for the scheme. Her personal email was targeted at least two times, but, according to Rid, “the available data show that she did not fall for the password reset trick.”