Report: Russian Hackers Phished The DNC And Clinton Campaign Using Fake Gmail Forms

Citing a report from SecureWorks, BuzzFeed is reporting that Russian hackers "used emails disguised to look as Gmail security updates to hack into the computers of the Democratic National Committee and members of Hillary Clinton's top campaign staff": The emails were sent to 108 members of Democratic presidential nominee Hillary Clinton's campaign and 20 people clicked on them, at least four people clicking more than once, Secureworks' research found. The emails were sent to another 16 people from the DNC and four people clicked on them, the report said.

Researchers found the emails by tracing the malicious URLs set up by [state-sponsored hacking group] Fancy Bear using Bitly, a link shortening service... "We were monitoring bit.ly and saw the accounts being created in real time," said Phil Burdette, a senior security researcher at SecureWorks, explaining how they stumbled upon the the URLs set up by Fancy Bear.
The URL apparently resolved to accounts-google.com (rather than accounts.google.com), and Burdette says "They did a great job with capturing the look and feel of Google."

Link shortening is a horrible, horrible idea

[93+Escort+Wagon]

Frankly I'm surprised we don't see this technique used more often.

Re: Trumps America

It is certainly best for Clintons campaign ito fix blame on "the Russians". It would be better for Trumps campaign if he could blame China. Ergo if the Russians actually did it they would have false flagged China. That is if Russia cares.

Re:Clinton, Podesta, Putin and Trump

OH SHIT. Politifact calls it false. If a Democrat newspaper pretending to be an impartial fact checker says so, then you know it must be true.

Remember Politifact labeling "If you like your doctor you can keep your doctor" the Lie of the Year? What they don't tell you is that they used to call it "true". Then they later changed it to "half true". Only after it became completely indefensible did they finally turn on it.

Re:Education

[arth1]

Education and training is always the weakest link.

No, human trust is the weakest link.
I doubt that you can convert a single human being from "trust by default" to "distrust by default" through education. And training can only help with specific and narrow threats, and once attackers change their tactics, those who trust by default are just as vulnerable again.

It's a mindset, not knowledge. If you don't have healthy paranoia, you're always going to be prey.

Another reason to use 2 facter auth

[Kythe]

As long as they were using Gmail in the first place, enabling 2 factor authentication, with the second factor being a U2F key like an inexpensive Yubikey, would have gone a ling ways towards preventing this,

Re:Another reason to use 2 facter auth

[Zontar+The+Mindless]

It has one. It's called "Preview". How much did you pay for that 4-digit account, anyway?

Re:Education

[Zontar+The+Mindless]

Paranoia is never "healthy". *Awareness*, however, is always a damned good idea.

Re:Americans should cringe

[93+Escort+Wagon]

I hope all Americans realize that the rest of the world is dumbfounded that Clinton and Trump are supposedly the best candidates for the presidency of your great nation.

A lot of us Americans share your disbelief. Personally, I could really go for a repeal of the twenty-second amendment right about now...

Re:Clinton, Podesta, Putin and Trump

[Maxo-Texas]

Someone firebombed the GOP office.

Was it even further right wing nutjobs?
Was it a false flag operation as they are getting desperate about losing NC?
Was it really really dumb left wingers?
Was it democrats?

Who knows. I hope they catch whoever did it.

Re:Clinton, Podesta, Putin and Trump

[meta-monkey]

Not Clinton, the DNC

Doesn't Podesta work for Hillary, not the DNC? Were his emails stored with the DNC? I thought it was her campaign that was hacked/leaked also.

Registered and disclosed. Do you see how it works now?

No, I don't. What's different?

Also, how does that make it okay? We've got leaked Podesta emails yelling "Take the money!!!!" from people linked to Russia, Saudi Arabia, Qatar, and other awful places, funneled through properly registered and disclosed agents. How does being bought by fucking Saudi Arabia and Qatar become okay just because it's legal? I care about the "being bought by Saudi Arabia and Qatar" part. Whether it was done by legal accounting legerdemain or sacks of cash in a DC parking garage at 3am is irrelevant.

I would say we need to change the laws to make any money sourced from overseas illegal to be used in campaigning, but I don't think it would matter. Hillary breaks election and campaign finance laws with impunity and will never be prosecuted. We are in a post-legal state.

The answer is: I don't know

[XXongo]

The building was vandalized with the phrase "Nazi Republicans Leave Town or Else". Who else do you think would have done it?

The correct answer is: "I don't know, and you don't know either."

It's hard to believe it was the Democrats, since all the polls and all the indications show that they're winning. Why in the world would they want to change a winning game?

Throwing bombs isn't something you do if you're winning; it's what you do if you're losing.

But, with that said, I doubt it's the Trump campaign. I expect it was lunatic fanatic crazies.

Whether the lunatic fanatic crazies thought they were on Trump's side, or on Clinton's side, is yet to be seen.