Considering it’s a hacker organization whose calling card is the anonymity it provides to whistleblowers leaking government secrets, WikiLeaks sure seems to have some shoddy security practices. The transparency group, led by its chief-in-exile Julian Assange, sent a series of direct messages over Twitter to Donald Trump Jr. starting on Sept. 20, 2016, less than two months before Election Day, according to a report in the Atlantic.
In correspondence with Trump’s son, the WikiLeaks account shared details about a new anti-Trump website it said was about to launch, putintrump.org, and provided the login information for the site. “We have guessed the password. It is ‘putintrump,” the message read.
“Off the record I don’t know who that is, but I’ll ask around,” Donald Trump Jr. responded.
Sending a Twitter direct message was an incredibly dumb move, at least from a digital security perspective, but Assange’s WikiLeaks continued to communicate with Trump’s son over Twitter for at least another 10 months, long after his father became president. The direct messages were shared with congressional investigators by Trump Jr.’s lawyers.
Twitter’s direct messages are not encrypted, which make it a poor medium for correspondence with a high-profile, potentially soon-to-be U.S. president’s son, especially if that correspondence is about hacking into someone else’s website. That’s because stealing a password and then using it without authorization is a violation of a federal anti-hacking law called the Computer Fraud and Abuse Act. If the Trump campaign did use the password to sneak into the backend of an opposition website, WikiLeaks potentially led the Trump campaign to participate in criminal activity.
U.S. intelligence officials reported in January that they’ve assessed with “high confidence” that WikiLeaks worked with Russian military intelligence to release stolen emails from the Democratic National Convention in July 2016. If that is true, WikiLeaks conspired with Russia to sway a U.S. presidential election, and then paved roads between itself, a Russian government conspirator, and the Trump campaign—not a good look for an administration trying to dismiss claims that it knowingly got a leg up from the Kremlin before Election Day.
Trump Jr.’s correspondence with WikiLeaks began as the investigation into Russian interference in the run-up to 2016 election was starting to heat up, only months after the WikiLeaks release of the DNC emails and right before WikiLeaks released a second trove of emails from Clinton’s campaign manager, John Podesta. WikiLeaks, according to the Atlantic’s report, continued to contact Donald Trump Jr. months after his father, Donald Trump, entered the White House and while multiple investigations into the Trump campaign’s possible collusion with Russian agents were well under way. In other words, it appears WikiLeaks collaborated with hackers, likely Russian, to release stolen emails in an effort to support Trump’s candidacy, and in the midst of the chaos around the release the stolen Clinton-related emails, Assange’s organization maintained some level of communication with the Trump campaign through the candidate’s son.
If Assange was getting advice from a security professional that this was a fine move, that person was either giving intentionally bad advice or is terrible at their job. It doesn’t take a Ph.D. in cryptography to know that it would make sense to keep some real distance from the campaign you’re trying to boost with stolen emails, hacked passwords, and a strong connection to Russia, which was already suspected of interfering with the election. Assange’s organization either terribly miscalculated how far the federal investigations into Russian meddling in the U.S. election would go, or his team just wasn’t worried about it. If the latter is true, the temerity and naivety of WikiLeaks is nothing short of phenomenal.
What’s more, the Wall Street Journal reported Friday that the CEO of the data firm hired by the Trump campaign, Cambridge Analytica, had reached out to WikiLeaks’ founder Julian Assange to ask if it could “help better organize” the emails WikiLeaks was releasing about Hilary Clinton. That contact apparently happened in early June, at the same time Cambridge Analytica was in negotiations to join the Trump campaign. WikiLeaks didn’t start publishing documents stolen from the DNC until July.
