begin quote from:
http://www.cnn.com/2016/10/28/politics/phishing-email-hack-john-podesta-hillary-clinton-wikileaks/index.html
Is this the email that hacked John Podesta's account?
Story highlights
- Clinton campaign staffers believed attempted hack email was "legitimate"
- Cybersecurity experts see direct link to Russian cyberespionage group
(CNN) A phishing email sent to Hillary Clinton campaign chairman John Podesta may have been so sophisticated that it fooled the campaign's own IT staffers, who at one point advised him it was a legitimate warning to change his password.
The stolen email thread, released by WikiLeaks Friday, also provides the most direct evidence yet that the Russian government was behind the damaging hack into the Clinton campaign, according to a private cybersecurity company.
The thread shows a Clinton campaign staffer writing that a phishing email sent to Podesta's Gmail account on March 19, 2016, is "legitimate," though the staffer advises him to go through Google's official procedures to update his password. It's not clear if Podesta gave hackers his password before he was advised by his staff, or if the email in question was the one that led to the hack.
The Clinton campaign has not commented directly on the hacked emails and CNN cannot independently verify their authenticity.
On its face, the source of the potentially dangerous email is Google, but a closer look at the actual mailing address shows an unfamiliar or bogus-looking account: "no-reply@accounts.googlemail.com."
The subject line warns, "Someone has your password" and the body of the message says "someone" in Ukraine tried, but was stopped, from signing into Podesta's account.
"You should change your password immediately," the email warns. The words "CHANGE PASSWORD" then appear -- inviting Podesta to click on them -- as a way to do just that. But the address did not link to a secure Google web page, instead directing the user blindly via bit.ly, a service used to shorten or conceal web addresses.
According to the cybersecurity company SecureWorks, the link used in the Podesta email was clicked two times. If his information was entered into a form on the landing site -- potentially run by a hacker -- the floodgates could have opened right there.
Podesta was not the only Clinton campaign staffer targeted, SecureWorks found.
"We saw 108 email addresses targeted and we know that 20 of the links that were sent to those individuals were clicked," Phil Burdette, a senior security researcher at the firm, told CNN on Friday. There were 213 similar bit.ly links created, he said, but because there were duplicates it is likely the same accounts received multiple phishing messages.
It is unclear if anyone else targeted entered their information.