In an interview, Wikileaks’ Julian Assange claimed that Hillary campaign chair John Podesta’s email password was literally ‘password’. Because of this, he says, even “a 14-year-old kid could have hacked Podesta that way”. Of course, much of the media is running with this headline.
This story is fun for anyone who hated the Clinton campaign, but it has no legs.
The biggest problem is that Podesta’s email address was a Gmail account: JohnPodesta@gmail.com
Gmail is smart enough to disallow the password ‘password’, so there’s no way Podesta could have used that as his password.
Was Podesta's gmail password 'password'? Nope. Google doesn't let you create an account with that password, or change your password to it. pic.twitter.com/vhW8sfEIKW
— Pwn All The Things (@pwnallthethings) January 4, 2017
Maybe Assange is getting confused: in one email, it is revealed that Podesta’s computer password was ‘p@ssw0rd’. Another shows his iCloud password was ‘Runner4567’. Both of these passwords are really insecure. You should never have any number patterns or obvious words/hobbies in a password. However, neither of these is his Gmail password.
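The two rules in the paragraph above, no obvious words and no number patterns, written as a check. This is an added example, not part of the original post; the function names and the tiny word list are assumptions constructed for illustration.

```python
import re

# Constructed, deliberately tiny deny-list (assumption); a real check would
# load a large corpus of breached and commonly used passwords.
COMMON_WORDS = {"password", "runner", "welcome", "letmein", "qwerty"}

# Character substitutions undone before the word check, so 'p@ssw0rd'
# is compared as 'password'.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def has_digit_run(pw, min_len=3):
    """True if pw has min_len consecutive digits that ascend, descend or repeat."""
    for run in re.findall(r"\d+", pw):
        for i in range(len(run) - min_len + 1):
            window = run[i:i + min_len]
            steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
            if steps in ({1}, {-1}, {0}):
                return True
    return False


def weaknesses(pw):
    """Return the reasons pw breaks the post's two rules (empty list = none found)."""
    reasons = []
    lowered = pw.lower()
    # Check the password as typed and with substitutions undone.
    for form in (lowered, lowered.translate(LEET)):
        letters = re.sub(r"[^a-z]", "", form)
        hit = next((w for w in sorted(COMMON_WORDS) if w in letters), None)
        if hit:
            reasons.append(f"contains common word '{hit}'")
            break
    if has_digit_run(pw):
        reasons.append("contains a sequential or repeated digit run")
    return reasons


if __name__ == "__main__":
    # The three passwords quoted in this post, plus one constructed random one.
    for candidate in ("password", "p@ssw0rd", "Runner4567", "vK9#tqLm2!xRz"):
        print(candidate, "->", weaknesses(candidate) or "no rule triggered")
```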
The hack was also not as simple as some guy trying out random passwords and being lucky enough to have ‘password’ work. The attack method used was to send Podesta a spear phishing email, an email that looked like an official Gmail ‘reset password’ alert. Following the links in that email would have directed him to an official-looking fake form, where Podesta would have been instructed to enter his current password.
A 14-year-old couldn’t have done that, nor would a 14-year-old even care. They would have to be a very impressive 14-year-old to also hack western military and government targets, NATO, defence companies, journalists, NGOs, political activists and researchers. I doubt they all got hacked because of “weak passwords”.