How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts

An anonymous reader quotes a report from Motherboard: On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the U.S. government, believe are spies working for the Russian government. At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account. The data linking a group of Russian hackers -- known as Fancy Bear, APT28, or Sofacy -- to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks. All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with Bitly account linked to a domain under the control of Fancy Bear. The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link. Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta. According to Bitly's own statistics, that link, which has never been published, was clicked two times in March. That's the link that opened Podesta's account to the hackers, a source close to the investigation into the hack confirmed to Motherboard. That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that's been tracking Fancy Bear for the last year. Bitly allowed "third parties to see their entire campaign including all their targets -- something you'd want to keep secret," Tom Finney, a researcher at SecureWorks, told Motherboard. Thomas Rid, a professor at King's College who studied the case extensively, wrote a new piece about it in Esquire.

Ignores the issue

[s.petry]

If the DNC, Podesta, and Media, State Department, DOJ, FBI, and Hillary camp did nothing wrong there would be nothing to expose.

It really truly matters little "who" did the hacking. DNC colluded with media to install a candidate of their choosing. Super-PACs are colluding with the DNC. Clinton Foundation is mostly a front for pay-for-play and benefiting Hillary. Hillary is not the mild tempered person the media has been trying to portray her as, lies to the public, and is in it for personal power. Nothing we didn't already believe but now we have validation.

It does not matter if it was Russia, a 400lb guy in the basement, or a disgruntled staff member (still my most likely suspect) the actions described in the emails are illegal.

Russia, guilty or not, is being used as a way to white wash the conversation.

Re:Ignores the issue

[Archangel+Michael]

Well, there are two issues here, and people love to conflate them together.

1) Spear Phishers got to Podesta, and gained access to his account. The media calls it "hacking" but it wasn't, it was social engineering. One requires expert skills in computers, the other requires basic knowledge of psychology. THIS is all on Podesta for not using 2 Factor authentication.

2) The other bit about collusion with Media, DNC, Hillary Campaign and it even ties into Project Veritas "Bird Dogging" tapes.

These are TWO separate issues, and should be addressed as such. Trump could have flipped the whole "Trump and Putin are buddies" bit by Clinton by saying "I condemn the hack. But that doesn't eliminate the horrible dirty politics of the DNC, Media and Hillary Clinton that was exposed. Hillary, how do you justify Bird Dogging my campaign?"

But Trump is an idiot. He'll never get how to flip attacks back onto the attackers. It requires a kind of mental judo he can't perform.

Re:Ignores the issue

[Xenographic]

BTW, the first batch of Obama emails are out: https://wikileaks.org/podesta-...

They're boring, though. Wait for later dumps.

Also, please remember that it may be illegal to view the emails unless you have CNN authorization. You can learn a lot from CNN, like the fact that we already have congressional term limits. Someone might want to let Wikipedia know about that.

Re:Ignores the issue

[MightyMartian]

Ah yes, the real damaging ones are just around the corner...

It's less than three weeks away, and no modern presidential candidate has ever come from this far behind at this late a date, so if Assange and Friends really are interested in tanking the Clinton campaign, to wait until this late date, AFTER millions have already cast their ballots, would be idiotic.

The alternative explanation is that there really isn't anything there so odious that it's going to make a difference, and this is just Assange's latest "Look at me!" bid.

Probably his last, too, if the rumors that Ecuador is in discussions to kick his ass out of the embassy.

Re: Ignores the issue

[luis_a_espinal]

Part of it is idiots crossing party lines to vote for the "easiest to beat" candidate in the party they don't plan to actually vote with in the general.

I get the idea of "strategic" voting, but for the love of freedom, please only do that by voting for "least bad" in the general, rather than sabotaging All of us In the primaries.

Bullshit. Intra-party results in closed primary states mirrored those of the country as a while. There is a lot to debate how Clinton won over Sanders, but there is no debate there were a whole bunch of idiots on the other side of the fence who ENTHUSIASTICALLY went for Trump, hook, line and sinker.

One has to wonder the type of bubble one must live in to buy into that kind of tripe.

Re:Basement theory

[MightyMartian]

Circumstantial may mean there's a question mark, but it doesn't mean "no evidence at all". Certainly Russia would gain greatly from a President who was less willing to stand behind the US's European allies, and who, all in all, would likely represent a more inward-gazing US. Russia has no hope in hell of ever militarily dominating the West, but if it can divide, then it gains a great deal of strategic space.

Clinton's victory means the general policy towards Russia that has, by and large, been the US's strategy since the Truman Administration, remains intact, so it is clearly in Russia's interest to try to help the person that at least might represent a break with that strategy.

Yes, it is circumstantial, and there is a possible counterargument that not even Putin actually would want someone as potentially unpredictable as Donald Trump in the White House, but I still lean towards Russia wanting a more isolationist Administration in the White House, much as it wants the European Union and NATO to be weakened. These three entities; the US, the EU and NATO represent significant checks on Russia's ability to project its power, and if any or all of them can be weakened or eliminated, it is of enormous strategic advantage to Russia.

Re:Russian Government? Why use a contractor?

[guruevi]

I would say they're both as are most people in computer security these days. You cannot identify a state-level attacker, only guess. The Stuxnet is a great example, it's "probably" the US or Israel but you can't say for certain because it leaves no trace.

I must assume given the transparency of the attack this is just a corporate-level hacking group that happened to stumble upon the motherload and probably didn't even realize for months what they had.