Report: Clinton chief probably sent
password to hackers
By RUDY TAKALA (HTTP://WWW.WASHINGTONEXAMINER.COM/AUTHOR/RUDY-TAKALA) (@RUDYTAKALA
(//TWITTER.COM/RUDYTAKALA))
Hillary Clinton (/section/hillary-clinton)'s campaign chief probably
handed access to his personal email account to hackers in March, a
security research firm said Thursday, by complying with instructions
they sent asking him to change his password.
A "Bitly" link included in a March 19 email in an account held by
campaign chairman John Podesta led researchers at SecureWorks to
make the discovery. Bitly is a service that shortens links, and the data
is sometimes public. SecureWorks has traced thousands of the links to
a hacking group associated with Russian military intelligence agency
GRU. That group is known alternatively as Fancy Bear, Sofacy or APT
28.
The link was clicked twice after its delivery to Podesta's Gmail account,
researchers told Motherboard
(http://motherboard.vice.com/read/how-hackers-broke-into-johnpodesta-
and-colin-powells-gmail-accounts), probably by Podesta. It led
to a website controlled by the hackers that looked like Google's
password reset site and that asked Podesta to change his password.
SecureWorks has been able to identify a number of Fancy Bear's
targets by tracking the Bitly links. Those targets have included former
secretary of state Colin Powell, whose emails were published by
DCLeaks in September, as well as William Rinehart and Sarah
Hamilton, both staffers on the Clinton campaign.
The fact Hamilton had been targeted was first made public by Guccifer
2.0, a self-professed Romanian hacker that the intelligence community
said this month is affiliated with the Russian government.
SecureWorks discovered the breach of Rinehart's account.
The reason the hackers use links that can be traced is unclear, though
it does help them to ensure targets are at least interacting with their
emails.
Bitly pointed out in a statement that it is not able to discern regular
users from hackers. "The links and accounts related to this situation
were blocked as soon as we were informed. This is not an exploit of
Bitly, but an unfortunate exploit of Internet users through social
engineering.
"It serves as a reminder that even the savviest, most skeptical users
can be vulnerable to opening unsolicited emails," Bitly said.
WikiLeaks has released more than 20,000 emails obtained from
Podesta's Gmail account this month, and has said as many as 30,000
more are forthcoming.
http://www.washingtonexaminer.com/report-clinton-chief-probably-sent-password-to-hackers/article/2605184
No comments:
Post a Comment