The Democratic National Committee headquarters iin Washington, D.C. (Photo: Alex Brandon/AP)
View photos
The Democratic National Committee headquarters iin Washington, D.C. (Photo: Alex Brandon/AP)
Just weeks after she started preparing opposition research files on Donald Trump’s campaign chairman Paul Manafort last spring, Democratic National Committee consultant Alexandra Chalupa got an alarming message when she logged into her personal Yahoo email account.
“Important action required,” read a pop-up box from a Yahoo security team that is informally known as “the Paranoids.” “We strongly suspect that your account has been the target of state-sponsored actors.”
Chalupa — who had been drafting memos and writing emails about Manafort’s connection to pro-Russian political leaders in Ukraine — quickly alerted top DNC officials. “Since I started digging into Manafort, these messages have been a daily oc­­­­currence on my Yahoo account despite changing my p­­a­ssword often,” she wrote in a May 3 email to Luis Miranda, the DNC’s communications director, which included an attached screengrab of the image of the Yahoo security warning.
“I was freaked out,” Chalupa, who serves as director of “ethnic engagement” for the DNC, told Yahoo News in an interview, noting that she had been in close touch with sources in Kiev, Ukraine, including a number of investigative journalists, who had been providing her with information about Manafort’s political and business dealings in that country and Russia.
“This is really scary,” she said.
Chalupa’s message is among nearly 20,000 hacked internal DNC emails that were posted over the weekend by WikiLeaks as the Democratic Party gathered for its national convention in Philadelphia. Those emails have already provoked a convulsion in Democratic Party ranks, leading to the resignation of DNC Chair Debbie Wasserman Schultz in the wake of posted messages in which she and other top DNC officials privately derided Bernie Sanders and plotted to undercut his insurgent campaign against Hillary Clinton.
But Chalupa’s message, which had not been previously reported, stands out: It is the first indication that the reach of the hackers who penetrated the DNC has extended beyond the official email accounts of committee officials to include their private email and potentially the content on their smartphones. After Chalupa sent the email to Miranda (which mentions that she had invited this reporter to a meeting with Ukrainian journalists in Washington), it triggered high-level concerns within the DNC, given the sensitive nature of her work. “That’s when we knew it was the Russians,” said a Democratic Party source who has knowledge of the internal probe into the hacked emails. In order to stem the damage, the source said, “we told her to stop her research.”
A Yahoo spokesman said the pop-up warning to Chalupa “appears to be one of our notifications” and said it was consistent with a new policy announced by Yahoo on its Tumblr page last December to notify customers when it has strong evidence of “state sponsored” cyberattacks. “Rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence,” wrote Bob Lord, the company’s Chief Information Security Office