undefined | Better HN

0 pointsthomasdub9y ago0 comments

I appreciate the sentiment that anyone can phish or password guess, but even a cursory glance at infosec reports shows there was an operation targeting the DNC that was far more sophisticated than a one man job.

Firstly we know that that Podesta's account was targeted by a phishing email with a bit.ly link [0]. We have proof the bit.ly phishing link in this email was clicked twice in March [1], and his wikileaks dump stops two days after that. The bitly link uses the TTP of base64 encoded strings targeting a google account. We know DNC staffers whose information was leaked by DC Leaks, like Rinehart, were targeted the same way [2] and that the same infrastructure hosted the Rinehart and Podesta phishing pages, along with plenty of other phishing sites [3]. You can verify the bitly links if you like.

We have reports long before Wikleaks released Podesta's information, and before DC leaks had released most of their information, that the same TTP of bitly links with base64 encoded strings that targeted Podesta, Rinehart etc. were targeting other high profile targets in Clinton's campaign [4] as well as Russians, Ukranians etc. [5]. According to security firms these were all using the same two bitly accounts.

Those attacks were attributed to APT 28 by private companies long before Wikileaks released any Podesta information.

We also have proof the same infrastructure that hosted dcleaks [6] hosted domains targeting Syrian human rights groups, Ukranians, Turks, Google accounts, Microsoft accounts etc. or that other IPs used were also used in attacks against the German Parliament, Tv5 etc. That's definitely circumstantial, but a one man job would be terribly unlucky to use a private Romanian server seen used in previous attacks attributed to a state actor.

Sure this could all be circumstantial, it definitely doesn't prove Russia did anything, but the suggestion that this is a one man operation is ludicrous - almost 4,000 people were targeted by the group that targeted the Clinton campaign. In relation to your other comment below, Assange has less credibility than the DHS report unless he comes out with some sort proof.

[0] https://wikileaks.org/podesta-emails/emailid/34899 [1] https://bitly.com/1PibSU0+ [2] http://www.thesmokinggun.com/documents/investigation/trackin... [3] https://www.passivetotal.org/search/80.255.12.237 [4] https://www.secureworks.com/research/threat-group-4127-targe... [5] https://www.secureworks.com/research/threat-group-4127-targe... [6] https://www.threatconnect.com/blog/does-a-bear-leak-in-the-w... and indeed this entire series.

0 comments

ivan_gammel9y ago

There's a lot of state and private actors interested in collecting intelligence on possible outcome of the elections. Many could touch DNC networks and leave some trails (including two supposedly Russian intelligence agencies). Publication of e-mails can be related to the intrusion, but can be the result of an inside job. It's not one man's job - yes, sure, but how many people can rob the same supermarket during riots?

j / k navigate · click thread line to collapse

0 pointsthomasdub9y ago0 comments

Those attacks were attributed to APT 28 by private companies long before Wikileaks released any Podesta information.