For a few days now, WikiLeaks has been publishing select emails from Clinton campaign chairman John Podesta — and the leaks are starting to cause serious damage. Most likely obtained from a hacked archive file, the latest dump contains all sorts of sensitive info on Podesta with no obvious news value, including his Social Security number and enough info to compromise his Twitter account.
But the most painful casualty of the latest dump may have been Podesta’s iPhone. The leak contained Podesta’s Apple ID credentials, and a group of 4chan users claim to have used those credentials to gain access to Podesta’s iCloud account. From there, they triggered a remote wipe of both an iPhone and iPad belonging to the campaign chief. Others claim to have also downloaded all of the data in Podesta’s iCloud account, although those claims are difficult to verify.
Before the wipe, the attackers posted a screenshot of Podesta’s iPhone somewhere in Downtown Brooklyn, near the Clinton campaign headquarters. (Clinton herself is currently in California.)
Apparently some asshole from anonymous compromised Podesta’s Apple account using creds in WL dump and remotely wiped his phone. V cruel. pic.twitter.com/ZdfWf2NkuY
— Pwn All The Things (@pwnallthethings) October 13, 2016
The users posted various other screenshots as evidence, but — 4chan being 4chan — it’s hard to be sure the screenshots weren’t altered or other information concealed. Still, such a hack is entirely plausible given the information available in the leak. iCloud has long been vulnerable to social engineering attacks, and such an attack would be far easier with the subject’s Social Security number and other financial data available in the leak. If the Apple credentials included in the emails were genuine, such an attack would not even be necessary. Unless Podesta had two-factor authentication turned on, there would be little stopping the attackers from wiping the devices.