How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts

An anonymous reader quotes a report from Motherboard: On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the U.S. government, believe are spies working for the Russian government. At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account. The data linking a group of Russian hackers -- known as Fancy Bear, APT28, or Sofacy -- to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks. All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with Bitly account linked to a domain under the control of Fancy Bear. The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link. Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta. According to Bitly's own statistics, that link, which has never been published, was clicked two times in March. That's the link that opened Podesta's account to the hackers, a source close to the investigation into the hack confirmed to Motherboard. That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that's been tracking Fancy Bear for the last year. Bitly allowed "third parties to see their entire campaign including all their targets -- something you'd want to keep secret," Tom Finney, a researcher at SecureWorks, told Motherboard. Thomas Rid, a professor at King's College who studied the case extensively, wrote a new piece about it in Esquire.

"Legitimate" URL Shortening in email is stupid

[WoodstockJeff]

We have most URL shortening services blocked on our email system. It's a policy that has been in place for years - in email, it does not matter how long or ugly the URL is, it should be fully there.

If a service has a way to view the destination without actually going there, we MIGHT let it through. But even that policy needs review. Maybe we just need to crank up the SpamAssassin score by 10.0 for each one found...

Re:"Legitimate" URL Shortening in email is stupid

URL shortening is stupid everywhere. What is the point? Do people actually type out a shortened URL (vs. copy/paste).
What is the purpose of this "technology", other than accommodating Twitter?

idiots

[ooloorie]

These are the idiots who are likely going to win the election, start a cyber war with Russia, and be privy to the innermost secrets of our government. And instead of resigning, Hillary goes on whining about it's all Trump's fault.

For Hillary, it's never Hillary's fault, it's always a Russian conspiracy, or a vast right wing conspiracy, or bad luck, or "I didn't do it", or ... WDATPDIM?

It's sickening.