It happened on March 19 of this year – campaign chairman for Hillary Clinton John Podesta unwittingly clicked on a link in an email he thought was from Google corporate. It wasn’t from Google, but rather from a group of phishing hackers the US government has since linked to Russia. Podesta wasn’t aware the link was malicious at the time he clicked on it, but doing that gave the hackers access to his entire email account. Fast-forward to October 9, when WikiLeaks began publishing thousands of Podesta’s emails, the motive seen by many as the desire to influence the US Presidential election by exposing Clinton camp improprieties. Now there is evidence that it may have been the same hacker group that targeted the Democratic National Committee.
Both hacking incidents were done using the same malicious short URLs that are routinely hidden in fake Gmail messages by black hat hackers. Those URLs were created with a Bit.ly account linked to a domain controlled by a hacker named Fancy Bear, one of the identified Russian hackers. Data also shows a “clear thread” between allegedly separate and independent leaks that have shown up on a site called DC Leaks which included some of both Colin Powell’s and John Podesta’s emails.
Fancy Bear and Political Hacks
Hidden in the Bit.ly link was a longer URL that included a 30-character string that actually contained the encoded Gmail address of John Podesta. The link was clicked on twice in March, acts which opened up Hillary Clinton’s campaign manager’s email account to exploitation and revelation on a major scale. The link was just one of thousands created by Fancy Bear which were used to target nearly 4,000 persons between October 2015 and May 2016.
The Fancy Bear hacker group used two Bit.ly accounts to create the malicious links, but forgot to set those accounts to private, allowing “good guy” hackers like security firm SecureWorks to track their use through command and control domains and servers. Fancy Bear used 213 shortened links targeting fully 108 email addresses on the HillaryClinton.com domain, as reported by SecureWorks and in BuzzFeed earlier in October. Using Bit.ly “allowed third parties to see their entire campaign, including all their targets— something you’d want to keep secret,” said Tom Finney, a researcher at SecureWorks.
According to Thomas Rid, professor at King’s College, it was “one of Fancy Bear’s gravest mistakes,” explaining that it gave researchers unparalleled visibility into the hacker group’s activities, which resulted in investigators being able to link different, supposedly disparate parts of its larger campaign together. Using the encoded strings, embedded inside the shortened links, and which targeted numerous political figureheads like Podesta, Powell, and Clinton staffer William Reinhart, effectively revealed their targets for any and all eyes to see.
No Smoking Gun
Although the evidence is clear and profound, it doesn’t constitute any kind of smoking gun that can unequivocally link the phishing attacks to the Russian hackers, in early October the US government publicly accused the Russian government of not only sponsoring but directing the attacks. And as Motherboard put it in their piece entitled, “How Hackers Broke into John Podesta and Colin Powell’s Gmail Accounts,” “The intelligence community declined to explain how they reached their conclusion, and it’s fair to assume they have data no one else can see.”
Need Cybersecurity Advice?
If you need advice about cyberattack preparedness, cyber safety awareness and security, Alary Clinitech is a proven leader in providing IT consulting and cybersecurity in Oshawa, Toronto and Southern Ontario. Contact one of our IT experts at (416) 291-7377 or send us an email at email@example.com today, and we can help you with all your questions or needs.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.