Why Some People Think a Typo Cost Clinton the Election

On March 19, an IT employee at the Hillary Clinton campaign gave John Podesta, the campaign chairman, some computer-security advice. “John needs to change his password immediately,” he wrote in an e-mail, “and ensure that two-factor authentication is turned on his account.” The helpdesk staffer was responding to a Google alert with a bright red banner that had been sent to Podesta’s personal Gmail account. An aide to Podesta had forwarded the warning when she saw it in his inbox. The warning, it turned out, was fake. It was designed to look authentic by Russian hackers, who also created a fake password-reset page that would capture Podesta’s password when he entered it.

But the Clinton IT employee, Charles Delavan, made a crucial error when he responded to the aide who forwarded the warning. “This is a legitimate email,” he wrote back. Somebody on the campaign clicked on the fake link, entered Podesta’s password, and the hackers gained access to tens of thousands of his e-mails. In a detailed new report from The New York Times, Delavan said he didn’t intend to legitimize the phishing email back in March: "He knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an “illegitimate” e-mail, an error that he said has plagued him ever since"