Off-Topic How Podesta's Emails Were Hacked

TheGardener

Golden Member
Jul 19, 2014
1,945
33
56
While I intend to not score political points, I think most of us, having joined a techie discussion board, are curious how the access to Clinton's email originated. According to the NY Post, Clinton campaign manager John Podesta fell victim to a classic phishing scam. Podesta received an official-looking email supposedly from Google, requesting him to follow the link and update his password. The email stated that there was an unsuccessful attempt to access his account. Podesta had his chief of staff check out the legitimacy of the email. It was forwarded to the Clinton campaign's operations help desk. It came back to Podesta within minutes that the email was legit and that he needed to change his password. The rest is history. Of course the full impact of this history has yet to be written.

http://nypost.com/2016/10/29/heres-how-hackers-stole-50000-of-john-podestas-emails/

Title changed to reflect reality.
admin allisolm
 

TheGardener

Golden Member
Jul 19, 2014
1,945
33
56
In fairness to the guy on the operations help desk, the following...

"The help-desk staffer, Delevan, emailed to Podesta’s chief of staff a separate, authentic link to reset Podesta’s Gmail password and encouraged Podesta to turn on two-factor authentication. That feature protects an account by requiring a second code that is separately sent to a cell phone or alternate email address before a user can log in. “It is absolutely imperative that this is done ASAP,” Delevan said."
 

Imp

Lifer
Feb 8, 2000
18,829
184
106
Two stage authentication with extra email/phone is the best thing ever. Now, why the fuck haven't any of my banks adopted it?

It's harder to get into my Blizzard account than it is my bank account.
 

TheGardener

Golden Member
Jul 19, 2014
1,945
33
56
You guys are intentionally being picky, perhaps because you are partisan. Look at any media article, and you see a byline or headline that is meant to grab your attention. If I used a subject of Podesta's emails in this ATOT forum, 90% of the readers would have no clue what the heck the topic was about. Same thing you see in the mainstream media. They use the term Clinton's emails. And it's legit because it is about her campaign. Anyway my intention is to focus in on the method of the hacking. If you want to reply with some partisan and petty post, it's on you.
 

Red Squirrel

No Lifer
May 24, 2003
67,907
12,375
126
www.anyf.ca
Wow I would have expected something more sophisticated than what basically amounts to social engineering. (essentially phishing is just a form of it). I would have figured it was an exploit in the mail software that would have allowed to send a specially formatted packet to remotely execute code or something.

Some of these phishing schemes are getting really good though, like every time I order something online I get one of those fake UPS notification emails that basically says there is an issue with my package and I have to login to verify. (of course it would be trying to send me to a fake site).

Though a new one I seem to see a lot lately is fake lawsuits, which got me thinking, what if it was real, and you ignore it, do you automatically lose the case because you thought it was a scam? They usually go in my spam folder, I just go through it once in a while.
 

Red Squirrel

No Lifer
May 24, 2003
67,907
12,375
126
www.anyf.ca
Two stage authentication with extra email/phone is the best thing ever. Now, why the fuck haven't any of my banks adopted it?

It's harder to get into my Blizzard account than it is my bank account.

Yeah it is kinda sad when you think about it. Don't forget phone banking, it's usually like a 4 digit password for that. Even if you don't use phone banking, it's probably still active.
 

lxskllr

No Lifer
Nov 30, 2004
57,659
7,893
126
If you're getting sued, you'll find out by registered mail.

Social engineering can be sophisticated, and hard to pull off. It requires homework, and the ability to think fast on your feet. I wouldn't trivialize it.
 

TheGardener

Golden Member
Jul 19, 2014
1,945
33
56
Some of these phishing schemes are getting really good though, like every time I order something online I get one of those fake UPS notification emails that basically says there is an issue with my package and I have to login to verify. (of course it would be trying to send me to a fake site).

I try not to click on embedded links. But sometimes I get emails where there doesn't seem to be an easy work around, like using my existing bookmark or typing the site name in the search box of my browser. There are situations where I want the information. Not including crap in my spam or junk folder, I guess I take a risk in 1 of 50 emails with request to click on a link.
 

Imp

Lifer
Feb 8, 2000
18,829
184
106
Yeah it is kinda sad when you think about it. Don't forget phone banking, it's usually like a 4 digit password for that. Even if you don't use phone banking, it's probably still active.

Phishing is still the tried and tested, best way of hacking. They just arrested a bunch of people doing the tax man scam. I've gotten them: someone robocalling about how the CRA (our IRS) is suing you. They got 1900+ to fall for it in under 3 years.

Since January 2014, based on statistics from Canadian Anti-Fraud Centre more than 1,900 Canadians have fallen victim to it and handed over more than $5.7 million.

http://www.cbc.ca/news/business/cra-scam-phone-calls-india-1.3815530

Most people don't know how most things work. I don't either.
 

Capt Caveman

Lifer
Jan 30, 2005
34,547
651
126
You guys are intentionally being picky, perhaps because you are partisan. Look at any media article, and you see a byline or headline that is meant to grab your attention. If I used a subject of Podesta's emails in this ATOT forum, 90% of the readers would have no clue what the heck the topic was about. Same thing you see in the mainstream media. They use the term Clinton's emails. And it's legit because it is about her campaign. Anyway my intention is to focus in on the method of the hacking. If you want to reply with some partisan and petty post, it's on you.

Partisan? That's what you are dumbass.
 

Red Squirrel

No Lifer
May 24, 2003
67,907
12,375
126
www.anyf.ca
Yeah I heard about that CRA scammer bust, crazy how they set up actual call centres strictly for scamming. Kinda wonder how it even goes on for that long if it's illegal there.
 

TheGardener

Golden Member
Jul 19, 2014
1,945
33
56
Title changed to reflect reality.
admin allisolm

I respectfully disagree for the reason I wrote above. I also think you are applying a standard, that if universally enforced, would require changing a significant number of subject titles in this and even other forums. By doing this, you have helped politicize the topic rather than aiding in the comprehension and focusing in on the actual point of the post. I expected others to do this, but not a moderator.

There is only one legitimate venue for questioning a moderator action, and that is in Mod Discussions.

Perknose
Forum Director
 