News that doesn't receive the necessary attention.

Friday, December 9, 2016

Podesta emails were released from his gmail account only after Hillary campaign staff examined suspicious spear phishing email and proclaimed it legitimate and that it must be clicked ASAP. Domain was registered in South Pacific atoll-Smoking Gun, Oct. 28, 2016. Copy of email that fooled them. Hillary campaign had been warned about spear phishing-Isikoff


10/28/16, "How Podesta's Gmail Account Was Breached," the smokinggun.com

"Clinton campaign staff guilty of getting duped by hackers"

"So how did John Podesta’s e-mail account get hacked? The answer to that question came into embarrassing focus this morning with the latest Wikileaks dump of correspondence stolen from the Gmail account of Hillary Clinton's campaign manager. 

On March 19, a Saturday, Podesta received an e-mail--purportedly from Google--warning him that, “Someone has your password. The alert (seen above) informed Podesta that a sign-in attempt from an IP address in Ukraine was thwarted and that, “You should change your password immediately.”...
The domain created to trick Podesta was registered in Tokelau, a remote group of South Pacific atolls....

The e-mail, addressed "Hi John," included a blue “CHANGE PASSWORD” box to be clicked."... 

[Ed. note: Also in March 2016, the FBI warned Hillary's campaign that it was being targeted by "spear phishing emails." The campaign declined FBI's offer to help to deal with its vulnerabilities. The flood of Podesta emails began after a Hillary staffer said it was "imperative" to click on the fake link "ASAP."]

(continuing): "As TSG reported in August, similar messages were sent to the Gmail accounts of scores of other Clinton campaign officials around the time Podesta received the phony alert. An identical e-mail--containing the exact Ukrainian IP address--was received on March 22 by William Rinehart, a campaign organizer. The IP address included in the e-mails received by Podesta and Rinehart traces back to Kyivstar, Ukraine’s largest telecommunications company.

Like Rinehart, Podesta’s Gmail account was compromised by the “spear phishing” e-mail.... 

After the e-mail arrived in Podesta’s account, it appears that his chief of staff, Sara Latham, sought guidance from an IT worker with the Clinton campaign. After examining the “Someone has your password” e-mail, staffer Charles Delavan ...mistakenly assured Latham and Shane Hable, the campaign’s chief information officer, that, “This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authorization is turned on his account.” 

Delavan’s 9:54 AM e-mail included a link to an actual Google password change page. It is absolutely imperative that this is done ASAP,” he added. 

Latham then forwarded Delavan’s email to Podesta and campaign staffer Milia Fisher, who had access to Podesta’s Gmail account.

The gmail one is real wrote Latham, who instructed Fisher to change Podesta’s password since “Don’t want to lock him out of his in box!” 

But instead of following the link provided by Delavan, it appears that Podesta or Fisher...clicked on the “CHANGE PASSWORD” box in the original “spear phishing” correspondence (a copy of which which was included in the e-mail chain that Saturday morning). 

That link led to what appeared to be a legitimate Google page, but was actually a site designed by the hackers to capture a target’s log-in credentials. The link to the spoofed Gmail page included a lengthy underlying url with the .tk suffix, indicating that the domain created to trick Podesta was registered in Tokelau, a remote group of South Pacific atolls. 

The hidden 293-character link included a string of characters containing the encoded Gmail address for Podesta (john.podesta@gmail.com). 

The e-mails stolen in the Podesta hack and posted on Wikileaks show that the most recent correspondence is from March 21. 

While Delavan protected his Twitter page following the publication of this story, he did offer the public some sage advice earlier this week. In an October 25 tweet, Delavan wrote, “don’t click on anything ever. delete your email account. move to the woods.” (1 page) Image above from The Smoking Gun 

--------------------------- 

Among comments 

................................

"Scott Johnson ·
..........
............................ 

Added: “Most successful hacks today start with a phishing attack." "Gmail [chosen by Hillary campaign manager Podesta] is used for more than half of all data drop email accounts, making it the top webmail service used by attackers to receive credentials stolen via phishing." (So why is Podesta using it?) Information about spear phishing has been on the FBI website since at least 2009.  
 
--------------------------

Added: July 28, 2016 Isikoff article about March 2016 FBI warning to Hillary campaign about "spear phishing." The campaign declined FBI assistance on the matter. "The Brooklyn warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously."... 

7/28/16, "FBI warned Clinton campaign last spring of cyberattack," Michael Isikoff, Yahoo News 

"The FBI warned the Clinton campaign that it was a target of a cyberattack last March, just weeks before the Democratic National Committee discovered it had been penetrated by hackers it now believes were working for Russian intelligence, two sources who have been briefed on the matter told Yahoo News.

In a meeting with senior officials at the campaign’s Brooklyn headquarters, FBI agents laid out concerns that cyberhackers had used so-called spear-phishing emails as part of an attempt to penetrate the campaign’s computers, the sources said. One of the sources said agents conducting a national security investigation asked the Clinton campaign to turn over internal computer logs as well as the personal email addresses of senior campaign officials.

But the campaign, through its lawyers, declined to provide the data, deciding that the FBI’s request for sensitive personal and campaign information data was too broad and intrusive, the source said.

A second source who had been briefed on the matter and who confirmed the Brooklyn meeting said agents provided no specific information to the campaign about the identity of the cyberhackers or whether they were associated with a foreign government. The source said the campaign was already aware of attempts to penetrate its computers and had taken steps to thwart them, emphasizing that there is still no evidence that the campaign’s computers had actually been successfully penetrated.

But the potential that the intruders were associated with a foreign government should have come as no surprise to the Clinton campaign, said several sources knowledgeable about the investigation. Chinese intelligence hackers were widely reported to have penetrated both the campaigns of Barack Obama and John McCain in 2008.

The Brooklyn warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously. It came just four months after the DNC had also been contacted by FBI agents alerting its information technology specialists about a cyberattack on its computers, the sources told Yahoo News. As with the warning to the Clinton campaign, the FBI initially provided no details to the DNC....

By mid-May, Director of National Intelligence James Clapper was telling reporters that US. Intelligence officials “already had some indications” of hacks into political campaigns that were likely linked to foreign governments and that “we’ll probably have more.”

In a talk at the Aspen Security Forum Thursday, Clapper said the U.S. government is not “quite ready yet” to “make a public call” on who was behind the cyberassault on the DNC, but he suggested one of “the usual suspects” is likely to blame. “We don’t know enough [yet] to…ascribe a motivation, regardless of who it may have been,” Clapper said....

Clapper is reportedly among a number of U.S. intelligence officials who have resisted calls to publicly blame the Russians, viewing it as likely the kind of activity that most intelligence agencies engage in. “[I’m] taken aback a bit by…the hyperventilation over this,” Clapper said during his Aspen appearance, adding in a sarcastic tone, “I’m shocked somebody did some hacking. That’s never happened before.”...

The FBI’s request to turn over internal computer logs and personal email information came at an awkward moment for the Clinton campaign, said the source, familiar with the campaign’s internal deliberations. At the time, the FBI was still actively and aggressively conducting a criminal investigation into whether Clinton had compromised national security secrets by sending classified emails through a private computer server in the basement of her home in Chappaqua, N.Y. There were already press reports, to date unconfirmed, that the investigation might have expanded to include dealings relating to the Clinton Foundation. Campaign officials had reason to fear that any production of campaign computer logs and personal email accounts could be used to further such a probe. At the Brooklyn meeting, FBI agents emphasized that the request for data was unrelated to the separate probe into Clinton’s email server. 

But after deliberating about the bureau’s request, and in light of the lack of details provided by the FBI and the absence of a subpoena, the Clinton campaign chose to turn down the bureau's request, the source said."

............................
................. 


7/26/16, "Democrats Ignored Cybersecurity Warnings Before Theft," Bloomberg, Michael Riley

 "The Democratic National Committee was warned last fall that its computer network was susceptible to attacks but didn’t follow the security advice it was given, according to three people familiar with the matter.

The missed opportunity is another blow to party officials already embarrassed by the theft and public disclosure of e-mails that have disrupted their presidential nominating convention in Philadelphia and led their chairwoman to resign.

Computer security consultants hired by the DNC made dozens of recommendations after a two-month review, the people said. 

Following the advice, which would typically include having specialists hunt for intruders on the network, might have alerted party officials that hackers had been lurking in their network for weeks -- hackers who would stay for nearly a year Instead, officials didn’t discover the breach until April....

Cyber-security assessments can be a mixed blessing. Legal experts say some general counsels advise organizations against doing such assessments if they don’t have the ability to quickly fix any problems the auditors find, because customers and shareholders could have cause to sue if an organization knowingly disregards such warnings."...

  
...............

Added, Oct. 29, 2016 column: "Mrs. Clinton has clearly disqualified herself from ever coming near classified information again....Having Clinton anywhere near the White House is just not a good idea."

10/29/16, "Democrats should ask Clinton to step aside," Chicago Tribune, John Kass, opinion
 

"If ruling Democrats hold themselves to the high moral standards they impose on the people they govern, they would follow a simple process:

 They would demand that Mrs. Clinton step down, immediately, and let her vice presidential nominee, Sen. Tim Kaine of Virginia, stand in her place....

If you take a step back from tribal politics, you'll see that Mrs. Clinton has clearly disqualified herself from ever coming near classified information again. If she were a young person straight out of grad school hoping to land a government job, Hillary Clinton would be laughed out of Washington with her record. She'd never be hired.

As secretary of state she kept classified documents on the home-brew server in her basement, which is against the law. She lied about it to the American people. She couldn't remember details dozens of times when questioned by the FBI. Her aides destroyed evidence by BleachBit and hammers. Her husband, Bill, met secretly on an airport tarmac with Attorney General Loretta Lynch for about a half-hour, and all they said they talked about was golf and the grandkids.

And there was no prosecution of Hillary. 

That isn't merely wrong and unethical. It is poisonous. 

And during this presidential campaign, Americans were confronted with a two-tiered system of federal justice: one for standards for the Clintons and one for the peasants. 

I've always figured that, as secretary of state, Clinton kept her home-brew email server — from which foreign intelligence agencies could hack top secret information — so she could shield the influence peddling that helped make the Clintons several fortunes. 

The Clintons weren't skilled merchants. They weren't traders or manufacturers. The Clintons never produced anything tangible. They had no science, patents or devices to make them millions upon millions of dollars.

All they had to sell, really, was influence. And they used our federal government to leverage it.

If a presidential election is as much about the people as it is about the candidates, then we'll learn plenty about ourselves in the coming days, won't we?"


 
.............



No comments:

Followers

Blog Archive

About Me

My photo
I'm the daughter of an Eagle Scout (fan of the Brooklyn Dodgers and Mets) and a Beauty Queen.