DNC figure John Podesta told to follow phishing link, instead of link to enable 2FA
A single typo from a Clinton campaign aide gave Russian hackers access to a decade’s worth of emails, some 60,000 in total, owned by Clinton campaign chairman John Podesta.
Clinton campaign aide Charles Delavan wrote in an email to one of Podesta’s aides, later published by Wikileaks, that Podesta must “immediately” change his password after the exhausted chairman clicked on a phishing email requesting he change his Gmail password.
Delavan then urged Podesta’s aide to ensure two-factor authentication was set up on the account.
It was sound advice and could have helped prevent the hack on the Democratic National Committee’s (DNC) email server, now all but confirmed to be the handiwork of Russian hackers with links to Moscow.
But Delavan screwed up.
A single typo in which he stated that the email was “legitimate” was enough to see the security advice ignored.
“This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account,” Delavan wrote in the morning of March 19. “He can go to this link: https://myaccount.google.com/security to do both.”
“It is absolutely imperative that this is done ASAP.”
The error has “plagued him ever since”, Delavan told the New York Times in its 8,500-word analysis of Russian interference in the US election.
The Times story features intelligence officials, campaign insiders, and security firms laying blame at the feet of Russian president Vladimir Putin.
It concludes that the attacks on the DNC and Podesta’s email were successful in altering the course of the United States presidential election.
President-elect Donald Trump has rejected the “high confidence” assertion of Russian involvement by US intelligence agencies.
Delavan said he saw dozens of phishing emails similar to the one that compromised Podesta.
It is unsurprising: two Russian hacking groups widely thought to be Kremlin-backed have been identified as the culprits of systematic advanced intrusions into the DNC.
Recognised Russian hacking outfits CozyBear (also known as “APT 29” or “Dukes”) and the older GRU-controlled FancyBear (aka “APT 28” or “Pawn Storm”) had both hacked into the DNC in separate attacks, security firms Dell SecureWorks and CrowdStrike have said.
Cozy Bear penetrated the DNC in the middle of last year after vast phishing campaigns targeting US agencies, non-profits, and corporations.
The information that group and other Russian outfits gleaned would be fed through the data leaker known as Guccifer 2.0, and through Wikileaks.
Those groups, which the Times says operated in isolation while stealing some of the same files, pillaged emails and documents from the DNC and Republicans, representatives from the CIA told Congress last week.
Those revelations prompted calls from Republican senators John McCain and Lindsey Graham, and Democrats Charles E. Schumer and Jack Reed, for a non-partisan response to the Russian attacks.
“This cannot become a partisan issue,” the senators wrote in the joint statement. “The stakes are too high for our country.”
Others have called for a stronger response. Pentagon Cyber Command director Admiral Michael Rogers expressed a desire to strike back at Moscow, sources told The New York Times, in a tit-for-tat bid to hack back and expose President Putin’s financial links to Russian oligarchs.
The proposed hack-back was also intended to punch holes in Russia’s networks to allow dissidents there to spread messages.
Deputy US National Security Adviser Avril Haines considered it an overreaction that would play into Putin’s hands in a signal to the public that the US had lost control of its electoral process.
For his part, outgoing President Barack Obama is said to have feared escalation in cyber conflict with Russia and was focused on establishing agreements with the nation over the conflict in Syria.
The hacking campaigns have not stopped.
Germany now fears Russian influence in its upcoming election, expected in September 2017, with intelligence chief Hans-Georg Maassen saying Moscow has “enormous resources” it is dedicating to targeting its “government officials, members of parliament, and employees of democratic parties”.
Security firm Volexity last month detailed widespread phishing campaigns sent by Russia’s Cozy Bear.
The emails, spotted a mere six hours after the conclusion of the US election, were sent from compromised Harvard University email accounts and offered malware-laden documents promising information on the outcome of the presidential election.
“Volexity believes that the Dukes are likely working to gain long-term access into think tanks and non-government organisations,” the firm’s founder Steven Adair said at the time. “And will continue to launch new attacks for the foreseeable future.” ®