Latest #WikiLeaks dump reveals phishing email that compromised Podesta.
The email that led to the hack of Clinton campaign chairman John Podesta’s Gmail account was published online Friday by WikiLeaks.
The malicious March 2016 email, which claimed to be from Google, asked Podesta to change his password due to unauthorized access from an IP address in the Ukraine.
Clinton campaign staff members who viewed the email were convinced it was genuine. Clinton insider Sara Latham argued “The gmail one is REAL” while even Clinton campaign IT specialist Charles Delavan said “This is a legitimate email.”
The first suspicious aspect of the email, unnoticed by the Clinton camp, was the “bit.ly” password reset link. A link through Bitly, a service that shortens long web addresses, would not appear in an official email from Google.
As first reported by Motherboard earlier this month, closer examination of the Bitly link that redirected Podesta to a fake Google webpage turned up several further red flags.
The Bitly link helped hide not only the fact that the landing page ended in “.tk” instead of “.com” but that the web page itself failed to use HTTPS encryption. Such links were also likely used to fool Google’s spam filters.
Prior analysis of the phishing link by cybersecurity group SecureWorks revealed the hackers also made a significant operational security mistake – they failed to make their two Bitly accounts private.
The public accounts revealed the hackers had created 8,909 similar links to use against 3,907 Gmail accounts between October 2015 and May 2016.
SecureWorks notes that the targets included “individuals in Russia and the former Soviet states, current and former military and government personnel in the U.S. and Europe, individuals working in the defense and government supply chain, and authors and journalists.”
Accounts linked to the 2016 election were also in the hackers’ sights.
“Specific targets include staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee (DNC), including individuals managing Clinton’s communications, travel, campaign finances, and advising her on policy.”
Thomas Rid, a professor at King’s College, displayed on Twitter how decoding the phishing links could reveal the specific email addresses being targeted.
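The red flags described above (a shortener hiding the destination, a landing page on a “.tk” host rather than “.com”, no HTTPS, and a target address recoverable by decoding the link) can be checked mechanically. The following is an added example, not code from the article or from any of the researchers it cites; the landing domain, the shortener expansion map and the victim address are constructed placeholders, and the base64-in-query-string layout is an assumption about how such links carried the target’s address.

```python
import base64
from urllib.parse import urlparse, parse_qs

# Public URL shorteners; a genuine password-reset mail from the provider would not use one.
SHORTENERS = {"bit.ly", "bitly.com", "goo.gl", "tinyurl.com", "t.co"}

def _decode_b64(value):
    """Return decoded text if value is base64 of printable ASCII, else None."""
    if len(value) < 8:
        return None
    try:
        text = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if len(text) >= 4 and text.isprintable() else None

def analyze_link(url, brand_domain, expand=lambda u: None, depth=0):
    """Resolve shorteners via `expand` and collect the red flags the article lists."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if host in SHORTENERS and depth < 3:
        target = expand(url)  # offline stand-in for asking the shortener where it points
        if target:
            result = analyze_link(target, brand_domain, expand, depth + 1)
            result["flags"].insert(0, "shortener:" + host)
            result["hops"].insert(0, url)
            return result
    flags = []
    if p.scheme != "https":
        flags.append("no-https")
    if host != brand_domain and not host.endswith("." + brand_domain):
        flags.append("domain-mismatch:" + host)
        if brand_domain.split(".")[0] in host:
            flags.append("brand-lookalike")  # brand name buried in an unrelated host
    decoded = {}
    for key, values in parse_qs(p.query).items():
        for text in filter(None, map(_decode_b64, values)):
            decoded[key] = text
            if "@" in text:
                flags.append("embedded-email:" + text)  # reveals whom the link targeted
    return {"hops": [url], "flags": flags, "decoded": decoded}

# Constructed sample (placeholder domain): a shortened link expanding to a lookalike page
# that carries the target's address base64-encoded in the query string.
SAMPLE_TARGET = "victim@example.com"
SAMPLE_LANDING = ("http://accounts-google.example.tk/ServiceLogin?hl=en&e="
                  + base64.urlsafe_b64encode(SAMPLE_TARGET.encode()).decode())
SAMPLE_SHORT_MAP = {"https://bit.ly/EXAMPLE": SAMPLE_LANDING}

if __name__ == "__main__":
    for flag in analyze_link("https://bit.ly/EXAMPLE", "google.com", SAMPLE_SHORT_MAP.get)["flags"]:
        print(flag)
```

Run against a real mail, `expand` would be replaced by a function that asks the shortener for its destination without following it further, so the analyst never loads the landing page.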
Interestingly, former Secretary of State Colin Powell, whose emails were released by the website DCLeaks in September, was also targeted by the same hackers.
This connection suggests the hackers who provided WikiLeaks with the Podesta emails and DCLeaks with the Powell emails are likely one and the same. The Bitly accounts are also behind the malicious email sent to retired four-star General Philip Mark Breedlove – whose emails appeared on DCLeaks in April.
Numerous cybersecurity groups have accused the Russian government of being responsible not only for the above election season hacks but for creating DCLeaks and Guccifer 2.0 to disseminate the data. The U.S. government also publicly blamed Russia on October 7, just one week before the CIA was tasked with preparing a possible retaliatory “cyber strike.”
Russian President Vladimir Putin has denied involvement, arguing that the contents of the hacks are far more important than who is responsible.
“Listen, does it even matter who hacked this data?” Putin said on September 1. “The important thing is the content that was given to the public.”
Putin again dismissed US “hysteria” concerning the hacks on Thursday during an annual speech at the Valdai Discussion Club in Sochi.
“Hysteria has been whipped up in the United States about the influence of Russia over the U.S. presidential election,” he said. “It’s much simpler to distract people with so-called Russian hackers, spies, and agents of influence. Does anyone really think that Russia could influence the American people’s choice in any way? Is America a banana republic or what? America is a great power.”