How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts (vice.com)
An anonymous reader quotes a report from Motherboard: On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the U.S. government, believe are spies working for the Russian government. At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account. The data linking a group of Russian hackers -- known as Fancy Bear, APT28, or Sofacy -- to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks. All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with Bitly account linked to a domain under the control of Fancy Bear. The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link. Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta. According to Bitly's own statistics, that link, which has never been published, was clicked two times in March. That's the link that opened Podesta's account to the hackers, a source close to the investigation into the hack confirmed to Motherboard. 
That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that's been tracking Fancy Bear for the last year. Bitly allowed "third parties to see their entire campaign including all their targets -- something you'd want to keep secret," Tom Finney, a researcher at SecureWorks, told Motherboard. Thomas Rid, a professor at King's College who studied the case extensively, wrote a new piece about it in Esquire.
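The summary describes the phishing pattern from the defender's side: a short link resolves to a Google-lookalike URL that carries the target's own address as a base64 string. The following triage helper is an added example, not code from the Motherboard report or from SecureWorks; the trusted-host allow-list, the lookalike hostname and the sample address are constructed assumptions.

```python
"""Added example: triage a URL for the lookalike-host-plus-encoded-address pattern."""
import base64
import binascii
import re
from urllib.parse import urlparse, parse_qs

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Assumed allow-list of hostnames that legitimately serve Google sign-in pages.
TRUSTED_HOSTS = {"accounts.google.com", "myaccount.google.com"}
LOOKALIKE_TOKENS = ("google", "gmail", "accounts")

# Constructed sample: a lookalike host with a base64-encoded (fictional) target address.
SAMPLE_TARGET = "target.user@example.com"
SAMPLE_URL = ("http://accounts.google.com.lookalike-example.test/ServiceLogin/"
              + base64.urlsafe_b64encode(SAMPLE_TARGET.encode()).decode().rstrip("=")
              + "?continue=https://mail.google.com")


def _try_decode(token: str):
    """Return decoded text if token is base64 (standard or URL-safe alphabet), else None."""
    token = token.strip()
    if len(token) < 8:
        return None
    padded = token + "=" * (-len(token) % 4)  # restore padding the sender may have dropped
    try:
        return base64.urlsafe_b64decode(padded).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def find_encoded_emails(url: str) -> list:
    """Collect every path segment or query value that decodes to an e-mail address."""
    parsed = urlparse(url)
    candidates = [seg for seg in parsed.path.split("/") if seg]
    for values in parse_qs(parsed.query).values():
        candidates.extend(values)
    hits = []
    for tok in candidates:
        decoded = _try_decode(tok)
        if decoded and EMAIL_RE.match(decoded):
            hits.append(decoded)
    return hits


def triage(url: str) -> dict:
    """Flag a URL whose host imitates Google but is not trusted and that embeds a target address."""
    host = urlparse(url).hostname or ""
    lookalike = host not in TRUSTED_HOSTS and any(t in host for t in LOOKALIKE_TOKENS)
    emails = find_encoded_emails(url)
    return {"host": host, "lookalike": lookalike, "encoded_emails": emails,
            "suspicious": lookalike and bool(emails)}
```

Run `triage()` over the expanded destination of a short link, not the short link itself, since the encoded address only appears in the long URL.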
Truly, only Vladimir Putin himself could have phished some cluser's Google password.
That they sent a couple of bit.ly links that got clicked on a couple of times isn't surprising. The source claiming it's all the Russians is the same NSA source that perjured himself in front of Congress.
Podesta uses the same password across every service he's on, and didn't even start changing it once his emails started pouring to the public by the thousands. It was likely exposed by a dozen other hacks.
How many stories have we had on this topic? :)
Let's go back down the stories and their new Bear related findings, spies, moles, data diodes and the private sector.
Starting with "How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts"
https://motherboard.vice.com/r...
"It’s unclear why the hackers used the encoded strings, which effectively reveal their targets to anyone."
and finally "None of this new data constitutes a smoking gun that can clearly frame Russia"
So the first hint of something that is not very spy like?
Let's try the other link:
https://theintercept.com/2016/... (September 14 2016)
"https://theintercept.com/2016/09/13/colin-powell-emails/"
has "a hacker that many allege to have ties with Russian intelligence." and that's all.
Finally past the two slashdot links and down at
"How Russia Pulled Off the Biggest Election Hack in U.S. History" (OCT 20, 2016 )
http://www.esquire.com/news-po...
Let's keep reading past the 56k modems and 1950s and see what's new.
"immediately discovered two sophisticated groups of spies" They are not great spies if they are "immediately discovered" by the private sector.
"soon able to reconstruct the hacks and identify the hackers." If the entry was so easy to reconstruct, it could be anyone with the skills.
"each of the attackers seemed unaware of what the other was doing" so more than one group used methods out in the wider public at random times?
Sounds like a few different groups are active.
So groups with "immediately discovered" methods must be the GRU and KGB?
"But several sloppy mistakes"... Do spies make so many "sloppy mistakes"? Use of their own language and emoji?
The Germans added their support to 'Fancy Bear' from years ago. Well understood methods by "different" groups that the private sector was well aware of?
The "hackers forgot to set" - that sounds like spies? Such a "rapid public reconstruction" and in public so the media could follow along?
Then onto the NSA, data diodes, and a small hint at a real spy could be in play with "an old-fashioned mole passed on the tools."
How did the other data get out? "Using commercial cloud services to "exfiltrate" data out"
So we are back to IP ranges? "Confident" in URLs and all that code litter that expert "spies" left for the media, private sector and "open-source counterintelligence" to find. Don't forget the easy to find emoji as part of the litter.
Domestic spying is now "Benign Information Gathering"