This is the email that hacked Hillary Clinton's campaign chief

Graham CLULEY

October 31, 2016


No-one wants to have their email account hacked. Not only can it lead to that ghastly feeling of having had your private communications rifled through, the risk of identity theft, and potentially passwords for your other online accounts stolen, but it could also lead to your company’s intellectual property and confidential plans being grabbed by criminals on the other side of the world.

Your email account is the linchpin of your online life – losing control of it can feel disastrous personally and professionally.

Now imagine how it would feel if your boss was the woman vying to be the next president of the United States.

A search on Wikileaks reveals the email that hackers sent to John Podesta, Hillary Clinton’s campaign chief.

[Image: podesta-phish]

At first glance the email, sent on March 19 2016, looks like a legitimate communication from Google warning that hackers have used Podesta’s password to log into his Gmail account from Ukraine. The email urges the recipient to change the password immediately.

Sounds urgent, right? And, sensibly, Podesta forwarded the warning to the Clinton campaign’s IT team asking what action he should take.

And that’s where things really went wrong.

[Image: podesta-it-email]

This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account.

He can go to this link: https://myaccount.google.com/security to do both. It is absolutely imperative that this is done ASAP.

Because the Google warning sent to Podesta was not legitimate. A careful look at the raw message would have revealed that clicking on the “Change password” link would take Podesta to a webpage under the control of the attackers – hidden behind a bitly link.

[Image: podesta-raw-html]

To be precise, that bitly link would take anyone who clicked on it to a webpage that pretended to be a Google login page:

myaccount.google.com-securitysettingpage.tk/security/signinoptions/password

In this way, the hackers could trick their intended target into entering their all-important username and password.
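As an added example (not part of the original article), this Python sketch shows the check a mail filter or a cautious reader could apply to the links in a message like this one: a host counts as Google's only if it is google.com or a dot-separated subdomain of it, and shortener links are flagged because they hide their destination. The sample HTML, the bit.ly path and the shortener list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "google.com"         # the brand the email claims to come from
SHORTENERS = {"bit.ly", "bitly.com"}  # assumed short list for this example

def host_of(url):
    """Return the lower-cased hostname, adding a scheme if the URL lacks one."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def naive_check(url):
    """What a quick glance does: the brand name appears somewhere in the URL."""
    return TRUSTED_DOMAIN in url

def classify(url):
    """Judge a link by its registered host, not by what the text resembles."""
    host = host_of(url)
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    if host in SHORTENERS:
        return "shortener"  # destination hidden; resolve it before trusting
    return "untrusted"

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def audit_email(html):
    """Return (href, verdict) for each link found in the message body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, classify(href)) for href in collector.links]

# Constructed sample: a button whose real target sits behind a shortener.
SAMPLE_HTML = '<p>Someone has your password</p><a href="https://bit.ly/EXAMPLE">CHANGE PASSWORD</a>'
LOOKALIKE = "myaccount.google.com-securitysettingpage.tk/security/signinoptions/password"
GENUINE = "https://myaccount.google.com/security"

if __name__ == "__main__":
    print(audit_email(SAMPLE_HTML))
    for url in (LOOKALIKE, GENUINE):
        print(url, "| naive:", naive_check(url), "| verdict:", classify(url))
```

The lookalike passes the naive substring test because "google.com" appears in it, but its hostname ends in .tk, so the suffix check rejects it.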

To their credit, the IT technicians working on Hillary Clinton’s campaign (I’ve redacted their personal details in the screenshot above – which is more than Wikileaks bothers to do) did send Podesta the *correct* link to review his Google account’s security settings – https://myaccount.google.com/security.

But Podesta, it seems, must have clicked on the link sent to him by his attackers. Bingo. The hackers were in.

No-one knows for sure the precise identities of the hackers who breached Podesta’s emails, or who may have then shared them with Wikileaks to embarrass the Clinton campaign, but the attacks were clearly part of a wave of attacks masterminded by the notorious Fancy Bear hacking group, believed to have close ties to Moscow.

If Podesta had already enabled two-step verification on his Google account, then even if he had carelessly handed his passwords to the hackers, it wouldn’t have been enough for them to break in.

If Podesta had taken greater care checking if the URL he was visiting was the real Google site, then the hack wouldn’t have happened.

And if he hadn’t been using the same passwords elsewhere on the net, then others wouldn’t have been able to hack into Podesta’s Twitter and Apple iCloud accounts using information they gleaned from Wikileaks’ archive of his emails.

The truth is that the breach of the Clinton campaign chief’s email did not require sophisticated hacking skills. It just depended on the right combination of human error and carelessness.

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
