[ The following text is reposted from the USANews board ]
Author: brihand (brihand), Board: USANews
Subject: Hillary's team's IQ is worrying: a hacking caused by a single typo
Posted from: BBS 未名空间站 (Tue Dec 13 16:15:58 2016, US Eastern)

The hack and eventual release of a decade’s worth of Clinton campaign head John Podesta’s emails may have been caused by a typo, reports the New York Times.

On March 22, Podesta received an email purportedly from Google saying hackers had tried to infiltrate his Gmail account. When an aide emailed the campaign’s IT staff to ask if the notice was real, Charles Delavan replied that the email was “a legitimate email” and that Podesta should “change his password immediately.”

The email was not legitimate. It was a phishing email that ultimately revealed Podesta’s password to hackers. Soon after, WikiLeaks began releasing 10 years of Podesta’s emails.

Delavan told the Times he had intended to type “illegitimate,” a typo he still has not forgiven himself for making. Instead of telling the aide that the email was a threat and that a good response to the threat would be to change his password on Google’s real website, he had inadvertently told the aide to click on the fraudulent email and give the attackers access to the account.

In late October the firm SecureWorks identified a Bit.ly account and WikiLeaks-released email that appeared to have been used to attack Podesta’s account. The Bit.ly service shortens web addresses, which can make them easier to share – and less likely to set off malicious website alarms. SecureWorks found a Bit.ly account being used by hackers containing links to a spate of phishing sites with victim information encoded in the web address. SecureWorks soon found the email, and Delavan’s response, in the WikiLeaks archive.

The Podesta leaks dominated the news cycle towards the end of the campaign, and included then-CNN contributor Donna Brazile giving the Clinton camp advance warning of questions Clinton would be asked during primary debates. Brazile is now acting chair of the Democratic National Committee.