Slashdot Mirror


How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts (vice.com)

An anonymous reader quotes a report from Motherboard: On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the U.S. government, believe are spies working for the Russian government. At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account. The data linking a group of Russian hackers -- known as Fancy Bear, APT28, or Sofacy -- to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks. All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with a Bitly account linked to a domain under the control of Fancy Bear. The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link. Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta. According to Bitly's own statistics, that link, which has never been published, was clicked two times in March. That's the link that opened Podesta's account to the hackers, a source close to the investigation into the hack confirmed to Motherboard.
That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that's been tracking Fancy Bear for the last year. Bitly allowed "third parties to see their entire campaign including all their targets -- something you'd want to keep secret," Tom Finney, a researcher at SecureWorks, told Motherboard. Thomas Rid, a professor at King's College who studied the case extensively, wrote a new piece about it in Esquire.

29 of 116 comments

  1. Phishing, not hacking. by Anonymous Coward · · Score: 2, Informative

    Truly, only Vladimir Putin himself could have phished some cluser's Google password.

    1. Re:Phishing, not hacking. by Archangel+Michael · · Score: 5, Informative

      This is SpearPhishing, a highly targeted personalized attack.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Phishing, not hacking. by Xenographic · · Score: 3, Funny

      Yeah, I love doing that kind of thing.

      I also convince the telemarketers that I'm putting them on hold and never come back. For example, the computer repair scam? Try -

      "Oh, I'm so glad you called! I have a HUGE virus problem and my computer is REALLY slow. Yeah, I'll turn my computer on for you. Just wait a few minutes, it can take 15 minutes to boot up with all those viruses. Do you mind if I put you on hold while we wait for it to finish? I'll be right back...."

      Now put them on hold or mute and wait for them to hang up.

    3. Re:Phishing, not hacking. by whoever57 · · Score: 2

      Oh, yes, my favourite: "Yes, I'll get ", or "Hold on, there's someone at the door". Then I see how long before they realize and hang up.

      Some idiots even call back, at which time I usually explain that I was purposefully wasting their time.

      --
      The real "Libtards" are the Libertarians!
    4. Re:Phishing, not hacking. by BoogieChile · · Score: 2

      I like to put on my foggy old codger act to coddle them along;

      "Start...run....event....viewer.....Oh, it's not good, I'll never remember all this. Do you want me to go to the computer and you can talk me through it? Oh, that's so good of you. It takes so long to start up, my grandson built it for me, but I don't know how to use it, really.....Oh, I think it's stuck, I'll have to turn it off and turn it on again, that what he always tells me to do, hee-hee-hee...etc, etc..." ...While I fire up my here's-one-I-prepared-earlier VM that they can (usually) finally figure out a way to get me to let them connect to before they eat their own headsets out of sheer frustration.

      Then WireShark tells me their IP address and I tell /b/ chan what that IP address is. It's usually around then that some civic-minded soul out there fires up the low-orbit ion cannon and then they usually have to find another ISP. It's always entertaining to watch what happens to their website until that happens

    5. Re:Phishing, not hacking. by terjeber · · Score: 2

      Got a call from "Microsoft" a little while back. The original caller informed me my PC was in trouble and then transferred me to my Scandinavian representative, Mr Gundersen (I kid you not). Mr Gundersen spoke English with a heavy Indian accent (why he didn't speak any of the Scandinavian languages was never explained). Anyway, me, being a really dumb user, took a long time to accomplish what Mr. Gundersen wanted me to do: download and install TeamViewer.

      After a good hour I finally "managed to install TV" so Mr. Gundersen asked me for the ID and password. I gave him a random number and the password was f-u-c-k-y-o-u. He tried it several times, but our connection was going bad, so I kept saying "hello", "hello", "hello" and hung up. After a few minutes a rather angry Mr Gundersen called me back and explained in some detail how I could have a sexual encounter with my mother. I didn't really take him up on that. It was a fun hour or so, and I needed an hour's break at the time :-) Two colleagues monitoring our conversation also had a good time. I was a really stupid computer user. Just finding the TeamViewer website (which turned out was not on my local computer and therefore not accessible from my Explorer) took a good 15-20 minutes.

  2. I'm here too early! by Bigjeff5 · · Score: 2

    I was looking for the big argument about how Phishing isn't Hacking, and these guys shouldn't be called hackers!

    Guess I'll have to wait...

    --
    Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
  3. Basement theory by Tablizer · · Score: 3

    The hackers created them with two Bitly accounts in their control, but forgot to set those accounts to private

    A state-sponsored hack group wouldn't make that mistake, would they? Maybe Trump is right and it's just a 400-pound dude in his mom's basement.

    1. Re:Basement theory by MightyMartian · · Score: 5, Insightful

      Circumstantial may mean there's a question mark, but it doesn't mean "no evidence at all". Certainly Russia would gain greatly from a President who was less willing to stand behind the US's European allies, and who, all in all, would likely represent a more inward-gazing US. Russia has no hope in hell of ever militarily dominating the West, but if it can divide, then it gains a great deal of strategic space.

      Clinton's victory means the general policy towards Russia that has, by and large, been the US's strategy since the Truman Administration, remains intact, so it is clearly in Russia's interest to try to help the person that at least might represent a break with that strategy.

      Yes, it is circumstantial, and there is a possible counterargument that not even Putin actually would want someone as potentially unpredictable as Donald Trump in the White House, but I still lean towards Russia wanting a more isolationist Administration in the White House, much as it wants the European Union and NATO to be weakened. These three entities; the US, the EU and NATO represent significant checks on Russia's ability to project its power, and if any or all of them can be weakened or eliminated, it is of enormous strategic advantage to Russia.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re: Basement theory by MightyMartian · · Score: 2

      There's no more likelihood of civil war come November 9th than there was eight years ago when Obama became President. Yes, there will be some miserable losers, and this time they'll have a miserable loser in Donald Trump, but they'll do what they did eight years ago, be assholes on the Internet and get on with their lives.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
  4. Re:This is proof by Tablizer · · Score: 2

    Idiots shouldn't use email. They'll click on any link

    An "education" link from Goatse U will fix 'em.

  5. Ignores the issue by s.petry · · Score: 2, Insightful

    If the DNC, Podesta, and Media, State Department, DOJ, FBI, and Hillary camp did nothing wrong there would be nothing to expose.

    It really truly matters little "who" did the hacking. DNC colluded with media to install a candidate of their choosing. Super-PACs are colluding with the DNC. Clinton Foundation is mostly a front for pay-for-play and benefiting Hillary. Hillary is not the mild tempered person the media has been trying to portray her as, lies to the public, and is in it for personal power. Nothing we didn't already believe but now we have validation.

    It does not matter if it was Russia, a 400lb guy in the basement, or a disgruntled staff member (still my most likely suspect) the actions described in the emails are illegal.

    Russia, guilty or not, is being used as a way to white wash the conversation.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Ignores the issue by Archangel+Michael · · Score: 5, Insightful

      Well, there are two issues here, and people love to conflate them together.

      1) Spear Phishers got to Podesta, and gained access to his account. The media calls it "hacking" but it wasn't, it was social engineering. One requires expert skills in computers, the other requires basic knowledge of psychology. THIS is all on Podesta for not using 2 Factor authentication.

      2) The other bit about collusion with Media, DNC, Hillary Campaign and it even ties into Project Veritas "Bird Dogging" tapes.

      These are TWO separate issues, and should be addressed as such. Trump could have flipped the whole "Trump and Putin are buddies" bit by Clinton by saying "I condemn the hack. But that doesn't eliminate the horrible dirty politics of the DNC, Media and Hillary Clinton that was exposed. Hillary, how do you justify Bird Dogging my campaign?"

      But Trump is an idiot. He'll never get how to flip attacks back onto the attackers. It requires a kind of mental judo he can't perform.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Ignores the issue by Xenographic · · Score: 3, Insightful

      BTW, the first batch of Obama emails are out: https://wikileaks.org/podesta-...

      They're boring, though. Wait for later dumps.

      Also, please remember that it may be illegal to view the emails unless you have CNN authorization. You can learn a lot from CNN, like the fact that we already have congressional term limits. Someone might want to let Wikipedia know about that.

    3. Re:Ignores the issue by rmdingler · · Score: 2

      These are TWO separate issues, and should be addressed as such. Trump could have flipped the whole "Trump and Putin are buddies" bit by Clinton by saying "I condemn the hack. But that doesn't eliminate the horrible dirty politics of the DNC, Media and Hillary Clinton that was exposed. Hillary, how do you justify Bird Dogging my campaign?" But Trump is an idiot. He'll never get how to flip attacks back onto the attackers. It requires a kind of mental judo he can't perform.

      Pretty much this, with a side of, How do two candidates with such glaring deficiencies get this close to the Oval Office?

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    4. Re:Ignores the issue by s.petry · · Score: 2

      Haha, that CNN authorization line was the funniest thing I have heard in a long time.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    5. Re:Ignores the issue by MightyMartian · · Score: 5, Insightful

      Ah yes, the real damaging ones are just around the corner...

      It's less than three weeks away, and no modern presidential candidate has ever come from this far behind at this late a date, so if Assange and Friends really are interested in tanking the Clinton campaign, to wait until this late date, AFTER millions have already cast their ballots, would be idiotic.

      The alternative explanation is that there really isn't anything there so odious that it's going to make a difference, and this is just Assange's latest "Look at me!" bid.

      Probably his last, too, if the rumors that Ecuador is in discussions to kick his ass out of the embassy are true.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    6. Re:Ignores the issue by gumbi+west · · Score: 2

      Trump has great consultants--you can see them on TV and they obviously write great scripts.

      He just doesn't listen to them.

    7. Re: Ignores the issue by luis_a_espinal · · Score: 3, Insightful

      Part of it is idiots crossing party lines to vote for the "easiest to beat" candidate in the party they don't plan to actually vote with in the general.

      I get the idea of "strategic" voting, but for the love of freedom, please only do that by voting for "least bad" in the general, rather than sabotaging All of us In the primaries.

      Bullshit. Intra-party results in closed primary states mirrored those of the country as a whole. There is a lot to debate how Clinton won over Sanders, but there is no debate there were a whole bunch of idiots on the other side of the fence who ENTHUSIASTICALLY went for Trump, hook, line and sinker.

      One has to wonder the type of bubble one must live in to buy into that kind of tripe.

  6. Re:tl;dr by HornWumpus · · Score: 2

    1000 shortened URLs/month is a single 'targeted' phishing group?

    Nonsense. 1000 shortened URLs/month is an open account being used by many interested parties.

    Let's see the other 9000 targets. Bet they are clearly from all over the map. I'll further bet CNN will tell us it's illegal to look for ourselves.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  7. "Legitimate" URL Shortening in email is stupid by WoodstockJeff · · Score: 4, Interesting

    We have most URL shortening services blocked on our email system. It's a policy that has been in place for years - in email, it does not matter how long or ugly the URL is, it should be fully there.

    If a service has a way to view the destination without actually going there, we MIGHT let it through. But even that policy needs review. Maybe we just need to crank up the SpamAssassin score by 10.0 for each one found...

    1. Re:"Legitimate" URL Shortening in email is stupid by Anonymous Coward · · Score: 2, Interesting

      URL shortening is stupid everywhere. What is the point? Do people actually type out a shortened URL (vs. copy/paste)?
      What is the purpose of this "technology", other than accommodating Twitter?
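The checks raised in the summary and in this thread (shortened links in mail, a destination that only looks like a Google host, and a target address encoded inside the long URL) can be combined in a small gateway-side scorer. This is an added example, not code from the article or from any commenter; the shortener list, the score weights, the sample URLs and the assumption that the encoded string is base64 are all constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed policy values: maintain your own shortener list and weights.
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}
SHORTENER_SCORE = 10.0       # "+10.0 for each one found", as floated in the thread
LOOKALIKE_SCORE = 5.0        # assumed weight
EMBEDDED_ADDR_SCORE = 5.0    # assumed weight
TRUSTED_DOMAINS = ("google.com",)

URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")


def decode_embedded_address(value):
    """Return the e-mail address hidden in a base64 token, or None."""
    padded = value + "=" * (-len(value) % 4)   # tokens are often sent unpadded
    try:
        text = base64.urlsafe_b64decode(padded).decode("ascii")
    except ValueError:                          # bad base64 or non-ASCII bytes
        return None
    return text if EMAIL_RE.fullmatch(text) else None


def is_lookalike(host):
    """True if the host mentions 'google' but is not under a trusted domain."""
    host = host.lower().rstrip(".")
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    return "google" in host and not trusted


def score_message(text):
    """Score every URL in a mail body (or a list of expanded destinations)."""
    score, findings = 0.0, []
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host in SHORTENER_HOSTS:
            score += SHORTENER_SCORE
            findings.append(("shortener", url))
            continue
        if is_lookalike(host):
            score += LOOKALIKE_SCORE
            findings.append(("lookalike-host", host))
        tokens = [v for _, v in parse_qsl(parts.query)] + parts.path.split("/")
        for token in filter(None, tokens):
            addr = decode_embedded_address(token)
            if addr:
                score += EMBEDDED_ADDR_SCORE
                findings.append(("embedded-address", addr))
    return score, findings


# Constructed samples: a mail body with a short link, and the kind of long
# destination a link preview or proxy log would reveal for it.
SAMPLE_TOKEN = base64.urlsafe_b64encode(b"jane.example@example.com").decode().rstrip("=")
SAMPLE_BODY = "Someone has your password. Change it now: http://bit.ly/EXAMPLE1\n"
SAMPLE_DESTINATION = ("http://accounts-google.example/ServiceLogin?id="
                      + SAMPLE_TOKEN + "&continue=1")

if __name__ == "__main__":
    print(score_message(SAMPLE_BODY))
    print(score_message(SAMPLE_DESTINATION))
```

A mail gateway sees only the short link; the look-alike and embedded-address checks apply once the destination is known, for example from a shortener's preview feature or from web proxy logs.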

  8. Speculation by Glith · · Score: 5, Informative

    That they sent a couple of bit.ly links that got clicked on a couple of times isn't surprising. The source claiming it's all the Russians is the same NSA source that perjured himself in front of congress.

    Podesta uses the same password across every service he's on, and didn't even start changing it once his emails started pouring to the public by the thousands. It was likely exposed by a dozen other hacks.

  9. Russian Government? Why use a contractor? by mveloso · · Score: 2

    If the Russian Government is as good at this shit as they say, why would they outsource it to a Russian firm? That's stupid.

    It's like someone wanted a big sign that said RUSSIA DID IT.

    Do the TLAs really think that the Russian Government is going to fake them out by using a Russian firm? How incompetent are our cyber investigators?

    1. Re:Russian Government? Why use a contractor? by guruevi · · Score: 3, Insightful

      I would say they're both as are most people in computer security these days. You cannot identify a state-level attacker, only guess. The Stuxnet is a great example, it's "probably" the US or Israel but you can't say for certain because it leaves no trace.

      I must assume given the transparency of the attack this is just a corporate-level hacking group that happened to stumble upon the mother lode and probably didn't even realize for months what they had.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  10. This AC really wants us to believe by AHuxley · · Score: 2, Informative

    How many stories have we had on this topic?
    Let's go back down the stories and their new Bear related findings, spies, moles, data diodes and the private sector.
    Starting with "How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts"
    https://motherboard.vice.com/r...
    "It’s unclear why the hackers used the encoded strings, which effectively reveal their targets to anyone."
    and finally "None of this new data constitutes a smoking gun that can clearly frame Russia"
    So the first hint of something that is not very spy like?
    Let's try the other link:
    https://theintercept.com/2016/... (September 14 2016)
    "https://theintercept.com/2016/09/13/colin-powell-emails/"
    has "a hacker that many allege to have ties with Russian intelligence." and that's all.
    Finally past the two slashdot links and down at
    "How Russia Pulled Off the Biggest Election Hack in U.S. History" (OCT 20, 2016)
    http://www.esquire.com/news-po...
    Let's keep reading past the 56k modems and 1950's, see what's new.
    "immediately discovered two sophisticated groups of spies" They are not great spies if they are "immediately discovered" by the private sector.
    "soon able to reconstruct the hacks and identify the hackers." If the entry was so easy to reconstruct, it could be anyone with the skills.
    "each of the attackers seemed unaware of what the other was doing" so more than one group used methods out in the wider public at random times?
    Sounds like a few different groups are active.
    So groups with "immediately discovered" methods must be the GRU and KGB?
    "But several sloppy mistakes"... Do spies make so many "sloppy mistakes"? Use of their own language and emoji?
    The Germans added their support to "Fancy Bear" from years ago. Well understood methods by "different" groups that the private sector was well aware of?
    The "hackers forgot to set" - that sounds like spies? Such a "rapid public reconstruction" and in public so the media could follow along?
    Then onto the NSA, data diodes, and a small hint at a real spy could be in play with "an old-fashioned mole passed on the tools."
    How did the other data get out? "Using commercial cloud services to "exfiltrate" data out"
    So we are back to IP ranges? "Confident" in URLs and all that code litter that expert "spies" left for the media, private sector and "open-source counterintelligence" to find. Don't forget the easy to find emoji as part of the litter :)

    --
    Domestic spying is now "Benign Information Gathering"
  11. Re:So you're not worried about Brexit 2.0? by MightyMartian · · Score: 2

    Which, as Nate Silver pointed out, is a very poor example considering the lack of polling at the time, and the fact that even with the limited data, there was some indication of Truman pulling ahead.

    http://fivethirtyeight.com/fea...

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  12. idiots by ooloorie · · Score: 3, Interesting

    These are the idiots who are likely going to win the election, start a cyber war with Russia, and be privy to the innermost secrets of our government. And instead of resigning, Hillary goes on whining about it's all Trump's fault.

    For Hillary, it's never Hillary's fault, it's always a Russian conspiracy, or a vast right wing conspiracy, or bad luck, or "I didn't do it", or ... WDATPDIM?

    It's sickening.

  13. In the long run by Max_W · · Score: 2

    Even though these revelations may hurt certain politicians or parties, in the long run I think it is beneficial for everyone. In the past we would hear about a candidate like D.Trump that he helped poor women and children all his life untiringly, or that a competing candidate of the DNC, remarkably selfless one, is selected via popular vote, that our e-mails and browsers are secure, etc.

    Now we know the truth. Yes, it is a bitter stunning truth, probably harmful truth, but it is the truth. And we could start to figure out what to do about it as grown up people, as opposed to deluded children.

    In the Japanese language there are two words for reality. One is a reality as it seems, and another is the reality as it actually is. We need more of the latter and not only from the US.

    I do not believe these were pure hacks. I am almost sure that there were inside helpers, individuals who want us to know the reality as it is.