John Podesta and Colin Powell’s Email Accounts Hacked – And How

It happened on March 19 of this year – campaign chairman for Hillary Clinton John Podesta unwittingly clicked on a link in an email he thought was from Google corporate. It wasn’t from Google, but rather from a group of phishing hackers the US government has since linked to Russia. Podesta wasn’t aware the link was malicious at the time he clicked on it, but doing so gave the hackers access to his entire email account. Fast-forward to October 9, when WikiLeaks began publishing thousands of Podesta’s emails; many see the motive as a desire to influence the US Presidential election by exposing Clinton camp improprieties. Now there is evidence that it may have been the same hacker group that targeted the Democratic National Committee.

Email Hacked

Both hacking incidents were carried out using the same kind of malicious short URLs that black hat hackers routinely hide in fake Gmail messages. Those URLs were created with a Bit.ly account linked to a domain controlled by the hacker group known as Fancy Bear, one of the identified Russian hacking groups. Data also shows a “clear thread” between allegedly separate and independent leaks that have shown up on a site called DC Leaks, which included some of both Colin Powell’s and John Podesta’s emails.

Fancy Bear and Political Hacks

Hidden behind the Bit.ly link was a longer URL that included a 30-character string containing the encoded Gmail address of John Podesta. The link was clicked twice in March, which opened up Hillary Clinton’s campaign chairman’s email account to exploitation and exposure on a major scale. The link was just one of thousands created by Fancy Bear, which were used to target nearly 4,000 people between October 2015 and May 2016.

The Fancy Bear hacker group used two Bit.ly accounts to create the malicious links, but forgot to set those accounts to private, allowing “good guy” hackers like security firm SecureWorks to track their use through command and control domains and servers. Fancy Bear used 213 shortened links targeting fully 108 email addresses on the HillaryClinton.com domain, as reported by SecureWorks and in BuzzFeed earlier in October. Using Bit.ly “allowed third parties to see their entire campaign, including all their targets— something you’d want to keep secret,” said Tom Finney, a researcher at SecureWorks.

According to Thomas Rid, professor at King’s College, it was “one of Fancy Bear’s gravest mistakes,” because it gave researchers unparalleled visibility into the hacker group’s activities, which allowed investigators to link different, supposedly disparate parts of its larger campaign together. The encoded strings embedded inside the shortened links, which targeted numerous political figures like Podesta, Powell, and Clinton staffer William Reinhart, effectively revealed the group’s targets for any and all eyes to see.
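The two paragraphs above describe the detail researchers exploited: the long URL behind each short link carried the recipient’s address as an encoded token, so anyone who could see the link could see the target. The helper below is an added example (not code from the article, SecureWorks, or any other party mentioned here) showing how a defender can triage a batch of expanded links and recover those addresses. The article only says the address was “encoded”; the example assumes base64, in either the standard or the URL-safe alphabet, and tries that decoding on every path segment, query value, and fragment. All URLs and addresses in it are constructed fixtures on reserved example domains.

```python
"""Triage helper: find base64-encoded recipient addresses in suspicious links.

Added example, not code from the article or from SecureWorks. The article says
the long URL behind the short link carried an "encoded" Gmail address; this
example assumes base64 (standard or URL-safe alphabet). All URLs below are
constructed fixtures on reserved example domains, not real campaign links.
"""
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Loose e-mail shape, enough to separate a decoded address from binary noise.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Characters allowed in standard and URL-safe base64, including '=' padding.
B64_RE = re.compile(r"[A-Za-z0-9+/_=-]+")


def _candidate_tokens(url):
    """Path segments, query values and fragment: every place a token can hide."""
    parts = urlsplit(url)
    tokens = [seg for seg in parts.path.split("/") if seg]
    tokens += [value for _, value in parse_qsl(parts.query, keep_blank_values=True)]
    if parts.fragment:
        tokens.append(parts.fragment)
    return [unquote(t) for t in tokens]


def _decode_base64(token):
    """Return the UTF-8 text behind a base64 token, or None if it is not one."""
    token = token.strip()
    if len(token) < 8 or not B64_RE.fullmatch(token):
        return None
    padded = token + "=" * (-len(token) % 4)  # senders often strip '=' padding
    try:
        # urlsafe_b64decode maps '-'/'_' to '+'/'/' and still accepts '+'/'/',
        # so one call covers both alphabets.
        return base64.urlsafe_b64decode(padded).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def find_encoded_emails(url):
    """List of (token, address) pairs for every token that decodes to an e-mail."""
    hits = []
    for token in _candidate_tokens(url):
        decoded = _decode_base64(token)
        if decoded and EMAIL_RE.match(decoded):
            hits.append((token, decoded))
    return hits


def triage(urls):
    """Map each URL that carries an encoded address to the addresses it names."""
    report = {}
    for url in urls:
        addresses = [addr for _, addr in find_encoded_emails(url)]
        if addresses:
            report[url] = addresses
    return report


# Constructed fixtures (placeholder addresses, reserved example domains).
TARGET_A = "staffer@campaign.example"
TARGET_B = "second.user@example.org"
SAMPLE_URLS = [
    # Fake sign-in page with the recipient carried as an unpadded URL-safe token.
    "https://accounts-login.example/ServiceLogin?continue=https://mail.google.com&e="
    + base64.urlsafe_b64encode(TARGET_A.encode()).decode().rstrip("="),
    # Same idea with standard base64 and percent-encoded '=' padding.
    "https://accounts-login.example/?u=" + quote(base64.b64encode(TARGET_B.encode()).decode()),
    # Benign link: no token decodes to an address, so it is absent from the report.
    "https://www.google.com/search?q=password+manager",
]

if __name__ == "__main__":
    for url, addresses in triage(SAMPLE_URLS).items():
        print(url, "->", ", ".join(addresses))
```

Run against a list of expanded links, the report shows which of your users were named in the campaign, which is the same visibility the researchers gained once the short links were exposed; those addresses are the ones to check for password resets, unfamiliar mail-forwarding rules, and sign-ins from unexpected locations.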

No Smoking Gun

Although the evidence is clear and substantial, it doesn’t constitute any kind of smoking gun that can unequivocally link the phishing attacks to the Russian government. Nevertheless, in early October the US government publicly accused the Russian government of not only sponsoring but directing the attacks. And as Motherboard put it in their piece entitled “How Hackers Broke into John Podesta and Colin Powell’s Gmail Accounts,” “The intelligence community declined to explain how they reached their conclusion, and it’s fair to assume they have data no one else can see.”

Need Cybersecurity Advice?

If you need advice about cyberattack preparedness, cyber safety awareness and security, OffSite IT is a proven leader in providing IT consulting and cybersecurity in Chicago, IL and Southern California. Contact one of our IT experts at (866) 828-6674 or send us an email at info@offsiteIT.com today, and we can help you with all your questions or needs.
