The email that led to the hack of Clinton campaign chairman John Podesta’s Gmail account was published online Friday by WikiLeaks.
The malicious March 2016 email, which claimed to be from Google, asked Podesta to change his password due to unauthorized access from an IP address in the Ukraine.
Clinton campaign staff members who viewed the email were convinced it was genuine. Clinton insider Sara Latham argued “The gmail one is REAL” while even Clinton campaign IT specialist Charles Delavan said “This is a legitimate email.”
The first suspicious aspect of the email, unnoticed by the Clinton camp, was the “bit.ly” link next to the “CHANGE PASSWORD” text. Bitly, a service that shortens long web addresses, would not be found in an official email from Google.
Analysis of the phishing link by cybersecurity group SecureWorks revealed the hackers made a significant operational security mistake – they failed to make their two Bitly accounts private.
As first reported by Motherboard earlier this month, examination of the Bitly link, which would have redirected Podesta to a fake Google webpage, also revealed several red flags.
The Bitly link helped hide not only the fact that the landing page ended in “.tk” instead of “.com” but also that the web page itself failed to use HTTPS encryption. Such links were also likely used to fool Google’s spam filters.
Details on the specific link pictured above reveal that it was clicked twice after being sent to Podesta.
The public Bitly accounts also showed the hackers had created 8,909 similar links to use against 3,907 Gmail accounts between October 2015 and May 2016.
SecureWorks notes that the targets included both foreign individuals but mostly “current and former military and government personnel in the U.S. and Europe, individuals working in the defense and government supply chain, and authors and journalists.”
Accounts linked to the 2016 election were also in the hackers’ sights.
“Specific targets include staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee (DNC), including individuals managing Clinton’s communications, travel, campaign finances, and advising her on policy.”
Thomas Rid, a professor at King’s College, displayed on Twitter how decoding the phishing links could reveal the specific emails being targeted – in this case John Podesta.
Rid noted that the phishing attack was of such “high-quality” that it even used Podesta’s official Google profile photo on the fictitious login page.
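As an added illustration of the red flags described above (a shortener link, a “.tk” landing page, no HTTPS, a host that only looks like Google’s) and of Rid’s point that the links themselves identify the target, here is a small link-inspection script. It is not from the article or from any of the researchers it cites; the sample links, the lookalike hostname and the assumption that the target’s address rides in a base64-encoded query value are constructed for this example.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qsl

# URL shorteners that a genuine Google account notice would never route through.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co"}

def decode_b64_param(value):
    """Return `value` decoded as base64 if it yields printable ASCII, else None."""
    if len(value) < 8:          # very short values decode to noise, not identities
        return None
    padded = value + "=" * (-len(value) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def inspect_link(url, brand="google", legit_host="accounts.google.com"):
    """Return (red_flags, decoded_params) for one link from a suspected phishing email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if host in SHORTENERS:
        flags.append("link goes through a URL shortener")
    if parts.scheme != "https":
        flags.append("page is not served over HTTPS")
    if host.endswith(".tk"):
        flags.append("landing page is on a .tk domain, not .com")
    # A brand name inside a host that is not actually under the brand's domain is a
    # lookalike, e.g. 'google.com-' used as a prefix of some other registered domain.
    under_legit = host == legit_host or host.endswith("." + legit_host)
    if brand in host and not under_legit:
        flags.append("host only looks like %s" % legit_host)
    # Encoded query values may carry the target's identity (assumed base64 here),
    # which is what lets an analyst say who a given link was aimed at.
    decoded = {k: decode_b64_param(v) for k, v in parse_qsl(parts.query)}
    decoded = {k: v for k, v in decoded.items() if v is not None}
    return flags, decoded

# Constructed sample links in the shape the article describes (not the real Podesta URLs).
TARGET_EMAIL = "john.doe@example.com"
SHORT_LINK = "http://bit.ly/EXAMPLE1"
LANDING_PAGE = ("http://accounts.google.com-signin-check.tk/signin/password?e="
                + base64.b64encode(TARGET_EMAIL.encode()).decode())

if __name__ == "__main__":
    for link in (SHORT_LINK, LANDING_PAGE):
        flags, decoded = inspect_link(link)
        print(link, "->", flags, decoded)
```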
Interestingly, former Secretary of State Colin Powell, whose emails were hacked and later released by the website DCLeaks in September, was also targeted by the same hackers.
This connection suggests the hackers who provided WikiLeaks with the Podesta emails and DCLeaks with the Powell emails are likely one and the same. The same hackers are also behind the malicious email sent to retired four-star General Philip Mark Breedlove – whose emails appeared on DCLeaks in April.
Many online have mistakenly pointed to Podesta’s weak password usage as the avenue of attack. Password strength is irrelevant in phishing attacks as they rely on the user voluntarily giving up their credentials.
Numerous cybersecurity groups have accused the Russian government of being responsible not only for the aforementioned election season hacks but for creating DCLeaks and Guccifer 2.0 to disseminate the data. The U.S. government also publicly blamed Russia on October 7, just one week before reports revealed that the CIA had been tasked with preparing a possible retaliatory “cyber strike.”
Russian President Vladimir Putin has denied involvement, arguing that the contents of the hacks are far more important than who is responsible.
“Listen, does it even matter who hacked this data?” Putin said in September. “The important thing is the content that was given to the public.”
Putin again dismissed US “hysteria” concerning the hacks on Thursday during an annual speech at the Valdai Discussion Club in Sochi.
“Hysteria has been whipped up in the United States about the influence of Russia over the U.S. presidential election,” he said. “It’s much simpler to distract people with so-called Russian hackers, spies, and agents of influence.”
“Does anyone really think that Russia could influence the American people’s choice in any way? Is America a banana republic or what? America is a great power.”