![](\"https:\/\/media.wired.com\/photos\/5c35116f59e96b0db4565b90\/master\/pass\/manafort_featured_h_14859712.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Louise Matsakis| Date: Wed, 09 Jan 2019 17:02:22 +0000<\/strong><\/p>\n Paul Manafort<\/a> has a horrible track record when it comes to digital security<\/a>. The latest reminder came this week, when his defense lawyers failed to sufficiently redact portions of a court filing<\/a> submitted on Tuesday, responding to Robert Mueller<\/a>\u2019s claims that Manafort violated his plea agreement with the special counsel by lying to prosecutors. The redacted portions of the filing are \u201chidden\u201d by black bars but can easily be revealed by simply highlighting those bars and copying and pasting the text into a new document. (The error is especially troubling given that it\u2019s relatively easy<\/a> to properly redact documents, though lawyers in high-profile corporate<\/a> and even government cases<\/a> have made similar mistakes in recent years.)<\/p>\n In this redacting fail, Manafort\u2019s lawyers revealed that Mueller alleges the former Trump campaign chair shared polling data \u201crelated to the 2016 presidential campaign\u201d with Konstantin Kilimnik, a political consultant the FBI says is connected to Russian intelligence. The \u201chidden\u201d paragraphs also indicate that the government believes Manafort initially lied to the special counsel and investigators about discussing a Ukraine peace plan with Kilimnik and meeting with him in Spain.<\/p>\n At this point, Manafort\u2019s complicated legal battle with Mueller\u2019s office has dragged on for over a year. But this latest wrinkle is evidence of a problem that has plagued the former lobbyist even longer than that: He appears to be very bad at using technology, at least according to evidence that has been made public in court and in leaked documents.<\/p>\n He Reused His Password<\/strong><\/p>\n In October 2017, we learned Manafort\u2019s password practices are apparently subpar. That month, special counsel Robert Mueller first charged<\/a> Manafort with committing a series of financial crimes. After he turned himself in to the FBI, security researchers discovered<\/a> that Manafort allegedly used variations of the phrase \u201cBond007\u201d for both his former Adobe and Dropbox accounts. The researchers connected him to the accounts using hacked<\/a> text messages belonging to Manafort\u2019s daughter, Andrea, which had been released on the dark web earlier that year. (At the time, Manafort confirmed<\/a> that his daughter experienced a breach and that at least some of the messages were authentic.) The correspondence contained what is believed to be Manafort\u2019s former email address. By searching for it in caches of data from past breaches\u2014Adobe was hacked in 2013 and Dropbox in 2012\u2014 the researchers discovered that Manafort allegedly used a James Bond\u2013themed password for both accounts. Security experts strongly advise<\/a> using a complicated, unique password for every account you have.<\/p>\n He Had Trouble Converting Documents<\/strong><\/p>\n In February 2018, federal prosecutors unsealed<\/a> a new indictment against the Manafort, accusing him and his associate Richard Gates<\/a> of committing tax and bank fraud. Mueller\u2019s team detected the scheme in part because Manafort needed Gates\u2019 help converting<\/a> a PDF to the Microsoft Word format.<\/p>\n According to the indictment, in October 2016 Manafort created a fake financial statement for his company in order to obtain a loan. He first emailed Gates the real<\/em> document, which showed $600,000 in losses, and asked Gates to convert the PDF to Word so he could edit it. He then added more than $3.5 million in income and emailed the file back to Gates, requesting he convert it again into a PDF. The emails made it easy for Mueller\u2019s team to tell how and when the financial statement was doctored.<\/p>\n He Stored Incriminating Messages in the Cloud<\/strong><\/p>\n Manafort apparently didn\u2019t know that encryption is useless<\/a> if you\u2019re backing up your files to iCloud. In a court filing in June, Mueller accused<\/a> Manafort of attempting to tamper with witnesses in his case by contacting them over the phone, through an intermediary, and using chat apps including Telegram and WhatsApp. The latter Facebook-owned messaging app is end-to-end encrypted but has a setting that can automatically back up messages to users\u2019 iCloud accounts on iPhone. While the messages Manafort sent were encrypted, the backups he apparently kept were not<\/a>. The FBI simply needed to serve Apple with a search warrant to access them. If Manafort had turned off iCloud backups on WhatsApp, he may not have run into this exact issue. He also could have used Signal, another encrypted messaging app that doesn\u2019t<\/a> back up any message history to iCloud. But Signal wouldn\u2019t have solved all of his woes: Two witnesses turned over messages to the US government themselves.<\/p>\n He Tried to Use an Old Email Trick but Failed<\/strong><\/p>\n At a court hearing that same month, a federal attorney from Mueller\u2019s office accused Manafort of using a technique called \u201cfoldering<\/a>\u201d to contact witnesses without getting caught. Essentially, he created an email account but never sent anything. Instead, he wrote his correspondence in the drafts and shared the account password with the intended recipients. They could sign in, read the messages, and delete them. The problem is the technique, favored<\/a> by the terrorist group al Qaeda, is already familiar to federal prosecutors. Former CIA director David Petraeus and his biographer, Paula Broadwell, also used foldering<\/a> to send secret messages, which the FBI uncovered in 2012. The correspondence indicated the pair were having an affair.<\/p>\n