begin quote from:

http://www.cnn.com/2016/10/28/politics/phishing-email-hack-john-podesta-hillary-clinton-wikileaks/index.html

Is this the email that hacked John Podesta's account?

By Gregory Krieg and Tal Kopan, CNN

Updated 8:45 PM ET, Fri October 28, 2016

Hacked Clinton staff emails show frustration, blame

Clinton campaign demands more information from FBI

FBI uncovers emails "pertinent" to Clinton probe

Rubio's Rival Denies Alleged Family Ties To Trump

CNN African Voices The Music Makers Trailer

Speaker Ryan calls to block Clinton from intel briefings

Trump raised idea of Weiner as security risk months ago

FBI explains why letter was released now

What happened to AA flight that caught fire at O'Hare?

Fmr. DOJ official: Comey "needs to come forward"

Trump: FBI could correct "miscarriage of justice"

Source: CNN

Hacked Clinton staff emails show frustration, blame 04:44

Story highlights

Clinton campaign staffers believed attempted hack email was "legitimate"
Cybersecurity experts see direct link to Russian cyberespionage group

(CNN)A phishing email sent to Hillary Clinton campaign chairman John Podesta may have been so sophisticated that it fooled the campaign's own IT staffers, who at one point advised him it was a legitimate warning to change his password.

The stolen email thread, released by WikiLeaks Friday, also provides the most direct evidence yet that the Russian government was behind the damaging hack into the Clinton campaign, according to a private cybersecurity company.

The thread shows a Clinton campaign staffer writing that a phishing email sent to Podesta's Gmail account on March 19, 2016, is "legitimate," though the staffer advises him to go through Google's official procedures to update his password. It's not clear if Podesta gave hackers his password before he was advised by his staff, or if the email in question was the one that led to the hack.

The Clinton campaign has not commented directly on the hacked emails and CNN cannot independently verify their authenticity.

On its face, the source of the potentially dangerous email is Google, but a closer look at the actual mailing address shows an unfamiliar or bogus-looking account: "no-reply@accounts.googlemail.com."

The subject line warns, "Someone has your password" and the body of the message says "someone" in Ukraine tried, but was stopped, from signing into Podesta's account.

"You should change your password immediately," the email warns. The words "CHANGE PASSWORD" then appear -- inviting Podesta to click on them -- as a way to do just that. But the address did not link to a secure Google web page, instead directing the user blindly via bit.ly, a service used to shorten or conceal web addresses.

According to the cybersercurity company SecureWorks, the link used in the Podesta email was clicked two times. If his information was entered into a form on the landing site -- potentially run by a hacker -- the floodgates could have opened right there.

Podesta was not the only Clinton campaign staffer targeted, SecureWorks found.

"We saw 108 email addresses targeted and we know that 20 of the links that were sent to those individuals were clicked," Phil Burdette, a senior security researcher at the firm, told CNN on Friday. There were 213 similar bit.ly links created, he said, but because there were duplicates it is likely the same accounts received multiple phishing messages.

It is unclear if anyone else targeted entered their information.

Intuitive fred888

Top 10 Posts This Month

Friday, October 28, 2016

Proof that Russia hacked Podesta to get to Hillary?

begin quote from:

Is this the email that hacked John Podesta's account?

Story highlights

No comments: