Security Through Education

A free learning resource from Social-Engineer, Inc


by Social-Engineer • November 17, 2016

Spear Phishing Attacks Breach Podesta, Powell, and the DNC

Recent headlines have thrown social engineering tactics back into the spotlight, and with the election it’s no wonder that the candidates are the primary targets of attacks. In recent months, Robert Podesta, Colin Powell and the Democratic National Convention have had emails dumped to WikiLeaks by persons unknown. While many of these are attributed to a certain group, the goal here is not to look at the attribution but at the method.

When looking at a suspicious email from any service, you should always check the sender and ask yourself, “Did I expect this message or do I know this person?” If the answer to that is no, then you should absolutely look closer. If the service is one you use, go directly to the service itself. Don’t use links provided in an email, because concealing malicious links is very easy. In fact, according to a study by RSA, URL shorteners like Bitly and tiny.url have been heavily used in recent months. In the case of Podesta, the Bitly address was embedded into the google.com URL as a redirect. The following graphic was pulled from an Ars Technica article, and we have added some flags to look for that may indicate a phish.


Figure 1: A few flags to look for in emails to help spot a fake.
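The two checks described above (the sender's domain, and a shortener hidden inside a trusted-looking redirect link) can be automated for triage. The following is an added example, not code from the original post; the shortener list, function names and sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed, non-exhaustive list of shortener hosts for this sketch.
SHORTENERS = {"bit.ly", "bitly.com", "tinyurl.com", "goo.gl", "t.co"}


def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def embedded_urls(url):
    """Return absolute URLs carried inside the query string of `url`."""
    found = []
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if urlsplit(value).scheme in ("http", "https") and _host(value):
            found.append(value)
    return found


def link_flags(url, depth=3):
    """Flags for one link: shortener hosts and redirects hidden in parameters."""
    flags = []
    host = _host(url)
    bare = host[4:] if host.startswith("www.") else host
    if bare in SHORTENERS:
        flags.append(f"shortener:{host}")
    if depth > 0:  # bounded recursion in case redirects are nested
        for inner in embedded_urls(url):
            if _host(inner) != host:
                flags.append(f"redirects-to:{_host(inner)}")
            flags.extend(link_flags(inner, depth - 1))
    return flags


def sender_flags(from_addr, expected_domain):
    """Flag a sender whose domain is not the service's own domain.
    A match is not proof of authenticity: From headers can be forged."""
    domain = from_addr.rsplit("@", 1)[-1].strip("> ").lower()
    ok = domain == expected_domain or domain.endswith("." + expected_domain)
    return [] if ok else [f"sender-domain:{domain}"]


# Constructed samples (example.test is a reserved placeholder domain).
SAMPLE_LINK = "https://www.google.com/url?q=http%3A%2F%2Fbit.ly%2FEXAMPLE&sa=D"
SAMPLE_FROM = "Account Team <no-reply@accounts.example.test>"

if __name__ == "__main__":
    print(link_flags(SAMPLE_LINK))
    print(sender_flags(SAMPLE_FROM, "google.com"))
```

A link that raises no flags is not thereby safe; navigating to the service directly remains the reliable check.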

Another thing went wrong here. Although the IT staff were fooled by the spear phish, the advice they issued (namely, to go to gmail.com directly, change the password and enact 2FA) was best practice; however, the staffers or Podesta himself simply clicked the link. If you go to an IT professional and ask their advice, it’s probably a best practice to follow that advice. Once again, don’t click links in emails; rather, navigate to the known good website directly to see if the information is true or to make any requested changes to your account.

In conclusion, any time you receive an email:

  1. Look carefully at the sender address
  2. Don’t click any links; instead, navigate to the site directly
  3. If it’s at all possible, enable 2 Factor Authentication

Following some basic guidelines can dramatically reduce your attack surface and help keep you and your organization safe online.

Sources:
https://community.rsa.com/servlet/JiveServlet/downloadBody/58632-102-1-57322/2016_Q2_FraudAction_Quarterly_ThreatReport.pdf
http://arstechnica.com/security/2016/10/russia-linked-phishing-campaign-behind-the-dnc-breach-also-hit-podesta-powell/
http://motherboard.vice.com/read/how-hackers-broke-into-john-podesta-and-colin-powells-gmail-accounts


Comments

  1. hadoop training says

    November 23, 2016 at 6:23 am

    nice article…

  2. Industrial Networking says

    December 8, 2016 at 7:19 am

    An informative blog post that isn’t full of non-qualified information! At last! It is rare these days. I have been in the industry for a while now and I like to read up on what’s new daily. Usually I read an article and I am so disappointed afterwards because I feel the article has been based on estimates. This, however, I have full trust in, so thank you.
