Clinton Campaign Sent Fake Phishing Emails to Its Own Staff

These security training efforts help explain why the campaign itself wasn’t hacked as associates were.

Hillary Clinton campaign manager Robby Mook.Brian Snyder/Zuma

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.


Hillary Clinton’s run for the White House will be remembered for many things, but information security isn’t likely to be one of them. Her campaign was buffeted by two major hacking episodes. First, the contents of Democratic National Committee servers were stolen and disseminated through WikiLeaks and other news organizations. Then campaign chairman John Podesta had his personal email account hacked and its contents passed to WikiLeaks, which subsequently released the 50,000-email set in chunks over a period of weeks as the presidential election reached fever pitch. The US government’s intelligence community went on to assert that the hacks had been orchestrated at the behest of the Russian government as a deliberate attempt to hurt Clinton’s chances and boost Donald Trump.

But Robby Mook, the Clinton campaign manager, said this week that the hacks didn’t hit the campaign itself, and that’s because the campaign conducted regular security training for staffers, including sending them fake phishing emails to see how they’d be handled.

“We sent out phishing emails of our own to test people and communicate back to team to see how far they were clicking, to educate people, and show their vulnerability and how much their choices matter,” Mook told Dark Reading, a cybersecurity news website, while attending an information security conference in San Francisco.

Mook said there were at least three phishing tests sent out to staffers, and there were also regular emails sent to staff preaching good IT practices. There were signs in the bathrooms “about not sharing passwords and ‘Don’t clink that link, stop and think,'” Mook said.

The Dark Reading piece doesn’t address when the training took place or whether Podesta and his aides were involved. Podesta and Mook did not respond to requests for comment about the IT training during the campaign.

A phishing attack is an attempt to trick a victim into giving up personal information, including logins for email accounts, bank accounts, and other sensitive information. In Podesta’s case, hackers sent a phony warning from Google alerting him that his Gmail password needed to be reset. According to the New York Times, a campaign IT staffer inadvertently advised Podesta and his aides that the warning was legitimate. By using the fake password reset page, Podesta gave the hackers access to his Gmail account and years’ worth of political communications that eventually found their way to WikiLeaks via the Russian operation, according to the US government.

BEFORE YOU CLICK AWAY!

Mother Jones was founded to do journalism differently. We stand for justice and democracy. We reject false equivalence. We go after stories others don’t. We’re a nonprofit newsroom, because the kind of truth-telling investigations we do doesn’t happen under corporate ownership.

And the essential ingredient that makes all this possible? Readers like you.

It’s reader support that enables Mother Jones to devote the time and resources to report the facts that are too difficult, expensive, or inconvenient for other news outlets to uncover. Please help with a donation today if you can—even a few bucks will make a real difference. A monthly gift would be incredible.

payment methods

BEFORE YOU CLICK AWAY!

Mother Jones was founded to do journalism differently. We stand for justice and democracy. We reject false equivalence. We go after stories others don’t. We’re a nonprofit newsroom, because the kind of truth-telling investigations we do doesn’t happen under corporate ownership.

And the essential ingredient that makes all this possible? Readers like you.

It’s reader support that enables Mother Jones to devote the time and resources to report the facts that are too difficult, expensive, or inconvenient for other news outlets to uncover. Please help with a donation today if you can—even a few bucks will make a real difference. A monthly gift would be incredible.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate