Richard Diamond

It certainly is convenient for Hillary Clinton to dodge the serious pay-for-play allegations raised by the WikiLeaks disclosures by blaming Vladimir Putin. Anyone paying attention to the corruption exposed in Clinton campaign advisor John Podesta’s purloined emails are, in effect, doing the bidding of the Russian strongman, she argues.

This “Russia is behind it” claim is repeated often enough, but the evidence is thin. During last Wednesday night’s debate, Clinton explained that the “seventeen intelligence agencies” under the purview of the Director of National Intelligence (DNI) are in agreement. “We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities,” the DNI said in a joint statement with Homeland Security.

Most people would imagine the heads of America’s top spy agencies are experts on securing sensitive information. And most people would be wrong.

Central Intelligence Agency Director John Brennan was unable to keep his own AOL email account from being compromised by a high-school student. The teenage perpetrator didn’t need the help of a nuclear-armed state to snatch the intelligence official’s password. All he had to do was use a bit of social engineering to gather personal information about Brennan from the official’s cell phone provider. The young man then called up AOL pretending to be the intelligence chief locked out of his email account. AOL obligingly reset the password.

Not long after that embarrassing incident, DNI James Clapper had his account hijacked by the same teen using the same methods. Indeed, this is not so different from the technique used by the miscreants who took control of the Apple iCloud accounts of celebrities, including Jennifer Lawrence, so that their intimate photos and videos could be posted online for all the world to see.

Time to get real about Russia cyber war: Max Boot

Democratic National Committee Chairman Donna Brazile underscored the intelligence agencies’ findings in a conference call cited by Politico in August. “CrowdStrike — the cybersecurity firm hired by the DNC, and other Democratic organizations — confirmed that this is a Russian state-sponsored attack, based on its investigation and the forensic evidence that has been collected," she said. Which is to say that a company on the DNC payroll has echoed the assessment of Obama’s intelligence appointees, including the highly partisan Brennan.

There is a much simpler explanation that doesn’t implicate partisan motives or suppose a cloak-and-dagger conspiracy orchestrated by a foreign power. Simply put, the Democrats who were breached had really dumb passwords.

One of the disclosures from Podesta’s Gmail account was that he chose “Runner4567” as his Apple iCloud password. As passwords go, that’s about as secure as a papier-mache padlock. The campaign chief compounds his error by emailing it around the office and using the same password across multiple websites. This is why users of the 4chan website were able to take over Podesta’s Twitter account shortly after his choice of password became public.

It turns out that Messrs. Podesta, Brennan and Clapper are not alone when it comes to Internet insecurity. Leaked DNC emails also reveal the passwords previously used for the DNC press account include “Obama-Biden-2012” and “obamain08.”

Yes, it’s true that Putin could personally have ordered the hacks, but it is equally true that his top spies would be downright embarrassed at the triviality of breaching a system secured by the secret phrase “obamain08.” Certainly, if they were involved, they would be able to cover their tracks and leave false clues that other states, perhaps the Chinese or North Koreans, were involved. The bits of malware lingering in the DNC system for over a year cited as proof of Russian involvement turns out to be based on an open source protocol. Anyone could have left such fingerprints behind.

The accusations now being thrown around so authoritatively are reminiscent of the bogus assertion that a YouTube video caused a “spontaneous reaction” in Benghazi.

Foreign hacks attack our democracy: Senator Kirk

POLICING THE USA: A look at race, justice, media

What’s more troubling is the administration going all in by announcing a plan to launch U.S.-led attacks on Russian computer assets. Vice President Joe Biden telegraphed the administration’s intent while discussing Syria on Meet the Press. “We're sending a message,” he explained, referring to Putin. “…And it will be at the time of our choosing. And under the circumstances that have the greatest impact.”

Such a boast, if carried into action, could spark a real war, which would be reckless in the extreme. Rather than continue poking the Russian bear to distract from the politically damaging WikiLeaks revelations, Democrats ought to take a few responsible steps toward security. They can start by changing their passwords.

Richard Diamond, a senior director at the White House Writers Group, was the first spokesman for the U.S. House Select Committee on Homeland Security. Follow him on Twitter @RichardPDiamond.

You can read diverse opinions from our Board of Contributors and other writers on the Opinion front page, on Twitter @USATOpinion and in our daily Opinion newsletter. To submit a letter, comment or column, check our submission guidelines.