Dozens of mainstream outlets and countless news blogs have picked up on statements made by Julian Assange to Fox News’s Sean “I never claimed to be a journalist” Hannity during an interview conducted at the Ecuadorian Embassy in London which aired Tuesday evening.
As reported on the Fox News website:
"We published several ... emails which show Podesta responding to a phishing email," Assange said during the first part of the interview, which aired on "Hannity" Tuesday night. "Podesta gave out that his password was the word ‘password’. His own staff said this email that you’ve received, this is totally legitimate. So, this is something ... a 14-year-old kid could have hacked Podesta that way."
Sure, the dismissive remark about the possibility that a “14 year-old kid” could have been behind the spearphishing attack is technically true, it ignores what has been uncovered about the nature of the attack.
Security expert Matt Tait, who tweets as @PwnAllTheThings, did an excellent breakdown of the publicly available evidence regarding the spearphishing attack on Twitter. The tweets can be viewed in this HuffPo UK article but it suffices to say, he doesn’t find the 14 Year-Old Kid Hypothesis particularly compelling:
While Assange might be easily forgiven a bit of hyperbole, along with his speculation about adolescent threat attackers, he made another claim which appears to be, for lack of more imaginative phrasing — a straight up lie.
"Podesta gave out that his password was the word ‘password’.”
First and foremost, we know that the password wasn’t “password” because Google doesn’t permit users to set a password of “password” for their Google accounts.
Far more likely what Assange meant wasn’t the plain English word password but rather “p@ssw0rd” with two non-alphabetical substitutions. While ever so slightly better, that is still a horrible password that nobody should ever use.
Disturbingly, Assange seems to have taken a page right out of the “fake news” playbook as the basis for his claim is almost certainly the exact same misrepresentation of the contents of an email from Wikileak’s Podesta Emails archive that was making the “fake news” rounds two weeks ago.
The email in question has can be viewed here in the Wikileaks archives. Here’s an excerpt of the relevant portions:
From: eryn.sepp@gmail.com
To: john.podesta@gmail.com
Date: 2015-02-19 00:35
Subject: 2 things
Though CAP is still having issues with my email and computer, yours is good to go.
jpodesta
p@ssw0rd
I warn you, the Windows 8 system is VERY different from what we had back at the WH. Might require a tutorial. It's an operating system that is best with touch screens, which we obviously don't have. If you need tech's help, they're at x5683. Otherwise, I can show you some tricks when I get in. I have it on my home computer, and it took a while to get used to completely.
Here we see that the password in question has absolutely nothing to do with Podesta’s Gmail account. In fact, it appears to be a temporary password created by the person responsible for setting up what was likely a Windows AD domain account for Podesta at the Center for American Progress (CAP) in 2015.
The only question in my mind is whether Assange was ignorantly repeating fake news or as I suspect, being deliberately deceptive.