This is the email that hacked Hillary Clinton's campaign chief

Graham CLULEY

October 31, 2016

No-one wants to have their email account hacked. Not only can it lead to that ghastly feeling of having had your private communications rifled through, the risk of identity theft, and potentially passwords for your other online accounts being stolen, but it could also lead to your company’s intellectual property and confidential plans being grabbed by criminals on the other side of the world.

Your email account is the lynch-pin of your online life – losing control of it can feel disastrous personally and professionally.

Now imagine how it would feel if your boss was the woman vying to be the next president of the United States.

A search on Wikileaks reveals the email that hackers sent to John Podesta, Hillary Clinton’s campaign chief.

[Image: podesta-phish]

At first glance the email, sent on March 19 2016, looks like a legitimate communication from Google warning that hackers have used Podesta’s password to log into his Gmail account from Ukraine. The email urges the recipient to change the password immediately.

Sounds urgent, right? And, sensibly, Podesta forwarded the warning to the Clinton campaign’s IT team asking what action he should take.

And that’s where things really went wrong.

[Image: podesta-it-email]

This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account.

He can go to this link: https://myaccount.google.com/security to do both. It is absolutely imperative that this is done ASAP.

Because the Google warning sent to Podesta was not legitimate. A careful look at the raw message would have revealed that clicking on the “Change password” link would take Podesta to a webpage under the control of the attackers – hidden behind a bitly link.

[Image: podesta-raw-html]

To be precise, that bitly link would take anyone who clicked on it to a webpage that pretended to be a Google login page:

myaccount.google.com-securitysettingpage.tk/security/signinoptions/password

In this way, the hackers could trick their intended target into entering their all-important username and password.
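The check a careful reader of the raw message would have made can be automated. The following is an added example, not code from the original article: it audits the links in an HTML mail body and flags shortener links (destination hidden) and hostnames that merely contain a trusted name as a left-hand label, as the .tk address above does. The TRUSTED and SHORTENERS lists, the function names and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"google.com"}              # assumption: domain the mail claims to be from
SHORTENERS = {"bit.ly", "bitly.com"}  # assumption: small illustrative list


def host_of(url):
    """Return the lower-cased hostname of a URL, tolerating a missing scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def classify(url):
    """Classify a link target as 'trusted', 'shortener', 'lookalike' or 'other'."""
    host = host_of(url)
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    if host in SHORTENERS:
        return "shortener"   # real destination unknown until the redirect is resolved
    if any(d in host for d in TRUSTED):
        return "lookalike"   # trusted name present, but the site is a different domain
    return "other"


class LinkAudit(HTMLParser):
    """Collect (href, verdict) for every <a href> in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append((href, classify(href)))


def audit(html):
    """Return the list of (href, verdict) pairs found in the given HTML."""
    parser = LinkAudit()
    parser.feed(html)
    return parser.links


# Constructed sample body; the bit.ly path is a placeholder, not the real link.
SAMPLE = ('<a href="https://bit.ly/PLACEHOLDER">Change password</a>'
          '<a href="https://myaccount.google.com/security">security settings</a>')

if __name__ == "__main__":
    for href, verdict in audit(SAMPLE):
        print(verdict, href)
```

A "shortener" verdict means the link should be treated as unverified, and a "lookalike" verdict means the hostname ends in a domain other than the one it advertises.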

To their credit, the IT technicians working on Hillary Clinton’s campaign (I’ve redacted their personal details in the screenshot above – which is more than Wikileaks bothers to do) did send Podesta the *correct* link to review his Google account’s security settings – https://myaccount.google.com/security.

But Podesta, it seems, must have clicked on the link sent to him by his attackers. Bingo. The hackers were in.

No-one knows for sure the precise identities of the hackers who breached Podesta’s emails, or who may have then shared them with Wikileaks to embarrass the Clinton campaign, but the attacks were clearly part of a wave of attacks masterminded by the notorious Fancy Bear hacking group, believed to have close ties to Moscow.

If Podesta had already enabled two-step verification on his Google account then even if he had carelessly handed his passwords to the hackers, it wouldn’t have been enough for them to break in.

If Podesta had taken greater care checking if the URL he was visiting was the real Google site, then the hack wouldn’t have happened.

And if he hadn’t been using the same passwords elsewhere on the net, then others wouldn’t have been able to hack into Podesta’s Twitter and Apple iCloud accounts using information they gleaned from Wikileaks’ archive of his emails.

The truth is that the breach of the Clinton campaign chief’s email did not require sophisticated hacking skills. It just depended on the right combination of human error and carelessness.
