John Podesta, the veteran Democratic political operative who has served two different presidents and is chairman of Hillary Clinton’s political campaign, has had a lousy week.
Not only has the anti-secrecy website WikiLeaks been publishing emails pirated from Podesta’s account earlier this year, but hackers penetrated his Twitter account and apparently wiped all the data from his iPhone and iPad.
The breaches brought to the Clinton campaign an object lesson in the insecurity of modern devices and the consequences of failing to adopt adequate computer security practices.
Matt Tait, chief executive of Capital Alpha Security, a security consultancy based in the United Kingdom, said activists from Anonymous, a loose global network of computer hackers with an anti-authoritarian bent, had bragged of targeting Podesta and wiping his devices remotely.
What allowed the hackers to target Podesta was a single email from the thousands WikiLeaks has published in the past week. In that May 16, 2015, correspondence between Podesta and Eryn Sepp, his former special assistant at the White House, Podesta asked whether Sepp knew his Apple ID, which would allow access to his Apple accounts and devices.
“I do,” she responded, listing his Gmail address and his password: Runner4567.
Within minutes of the posting of that batch of WikiLeaks emails Wednesday, Anonymous activists began exchanging queries. At 5:36 p.m. Germany time, one activist posted: “CAN we DO SOMetHING WITH AN APPLE ID?”
Moments later, another Anonymous hacker with the moniker 4Chan “had found Podesta’s Apple creds and logged in for first time,” Tait tweeted.