Hacked email reveals staffer mocked report that DNC was 'horrible' at cybersecurity

Advertisement

clinton

Joshua Roberts/Reuters

Democratic presidential candidate Hillary Clinton speaks to supporters at the Human Rights Campaign Breakfast in Washington, October 3, 2015.

Among the nearly 20,000 emails published on Wikileaks following the massive hack of the Democratic National Committee is one that, quite ironically, mocks a BuzzFeed News report critical of the DNC and RNC's cybersecurity practices.

Advertisement

"The dumbest thing I've ever read," wrote Eric Walker, the DNC's deputy communications director, in the subject line of a May 5 email to the distribution list of his communications team.

Walker's comment was in response to a BuzzFeed News report published earlier that day in which cybersecurity experts criticized both the DNC and GOP for their practice of handing out USB thumb drives to reporters. Most cybersecurity experts agree that USB drives are among the biggest threats to an organization, since they can be loaded up with malicious software that can go undetected to traditional antivirus software.

Walker did not agree with that assessment.

"The thesis: we hand out thumb drives at events, which could infect the reporters/attendees' computers. So that means that we're bad at cybersecurity. Okay," he wrote in the email.

Advertisement

As it turns out, at least two different hacker groups associated with the Russian government were already inside the networks of the DNC at the time of Walker's email, and they had been there for about a year, reading emails, chats, and downloading private documents.

There were further indications of poor cybersecurity practices within the DNC, as other leaked emails show.

For instance, after the party's "Factivists" website was hacked, a staffer sent the new password for the website over email. And there were Microsoft Excel spreadsheets being shared over email that contained personal information, such as names, addresses, and Social Security numbers.

The FBI said Monday it had launched an investigation into the breach.