Oleg Zabluda's blog
Saturday, July 14, 2018
 
How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts
"""
The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL

Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta. According to Bitly's own statistics, that link, which has never been published, was clicked two times in March.

That's the link that opened Podesta's account to the hackers, [...]

That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with two Bitly accounts in their control, but forgot to set those accounts to private
[...]
SecureWorks was tracking known Fancy Bear command and control domains. One of these led to a Bitly shortlink, which led to the Bitly account, which led to the thousands of Bitly URLs that were later connected to a variety of attacks, including on the Clinton campaign. With this privileged point of view, for example, the researchers saw Fancy Bear using 213 short links targeting 108 email addresses on the hillaryclinton.com domain
[...]
Using Bitly allowed "third parties to see their entire campaign including all their targets [...] It was one of Fancy Bear's "gravest mistakes [...] This is how researchers have been able to find the phishing link that tricked Colin Powell and got him hacked. This also allowed them to confirm other public reports of compromises, such as that of William Rinehart, a staffer with Clinton's presidential campaign. [...] Similar malicious emails and short URLs have also been used recently against independent journalists from Bellingcat
[...]
The use of popular link shortening services such as Bitly or Tinyurl [...] hackers probably wanted to make sure their phishing attempts went past their targets' spam filters.
"""
https://motherboard.vice.com/en_us/article/mg7xjb/how-hackers-broke-into-john-podesta-and-colin-powells-gmail-accounts
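
The excerpt says each long URL carried the target's own address as an encoded string. As an added example (not from the article or this blog), here is a mail-filter style check that flags an already-expanded link when one of its query values or path segments decodes to the recipient's address. It assumes the encoding is base64, which the excerpt does not state; the sample address, host and parameter names are constructed.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, unquote

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{8,}={0,2}$")  # standard or URL-safe alphabet


def decode_candidate(token):
    """Return the ASCII text a base64 token decodes to, or None."""
    if not B64_RE.match(token):
        return None
    body = token.rstrip("=").replace("-", "+").replace("_", "/")
    body += "=" * (-len(body) % 4)  # links often drop the padding
    try:
        return base64.b64decode(body, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return None


def embedded_addresses(url):
    """Email addresses found base64-encoded in query values or path segments."""
    parts = urlsplit(url)
    # unquote(), not parse_qsl(): '+' is a base64 character, not a space.
    tokens = [unquote(p.partition("=")[2]) for p in parts.query.split("&")]
    tokens += [unquote(seg) for seg in parts.path.split("/")]
    found = []
    for token in tokens:
        text = decode_candidate(token)
        if text and EMAIL_RE.match(text):
            found.append(text.lower())
    return found


def targets_recipient(url, recipient):
    """True when the link carries the address of the person it was sent to."""
    return recipient.lower() in embedded_addresses(url)


# Constructed sample: address, host and parameter names are made up.
SAMPLE_RCPT = "alice.example@example.org"
_token = base64.b64encode(SAMPLE_RCPT.encode()).decode().rstrip("=")
SAMPLE_URL = f"https://login.example.net/signin?continue=x&refer={_token}&tel=1"

if __name__ == "__main__":
    print(embedded_addresses(SAMPLE_URL))
    print(targets_recipient(SAMPLE_URL, SAMPLE_RCPT))
```

A shortened link has to be resolved to its long form before this check sees the encoded value.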