Russian Hackers Faked Gmail Password Form To Invade DNC Email System

A new report reveals the method used by Fancy Bear, a Russian government hacking group, to get inside the systems of the DNC and senior Clinton staff.

SAN FRANCISCO — Russian hackers used emails disguised to look like Gmail security updates to hack into the computers of the Democratic National Committee (DNC) and members of Hillary Clinton’s top campaign staff, according to a report by the SecureWorks cybersecurity company.

The emails, which were sent to DNC and Clinton staff from March 10, appeared almost identical to the standard warnings Gmail users get asking them to reset their passwords, the report found. Once clicked, the links took users to a page that imitated a Google login page, but which was stealing their password information — and downloading malware — designed by a group of Russian hackers known as Fancy Bear.

The emails were sent to 108 members of Democratic presidential nominee Hillary Clinton’s campaign and 20 people clicked on them, with at least four people clicking more than once, SecureWorks’ research found. The emails were sent to another 16 people from the DNC and four people clicked on them, the report said.

Researchers found the emails by tracing the malicious URLs set up by Fancy Bear using Bitly, a link shortening service. Fancy Bear had set the URL they sent out to read accounts-google.com, rather than the official Google URL, accounts.google.com, the report said.

“We were monitoring bit.ly and saw the accounts being created in real time,” said Phil Burdette, a senior security researcher at SecureWorks, explaining how they stumbled upon the URLs set up by Fancy Bear.

“They did a great job with capturing the look and feel of Google,” said Burdette, who added that unless a person was paying clear attention to the URL or noticed that the site was not HTTPS secure, they would likely not notice the difference.
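A defensive check for the lookalike address described above, as an added example that is not from the SecureWorks report or BuzzFeed News: it flags links whose host differs from the genuine sign-in host only in its separators, links that are not HTTPS, and shortened links whose destination is hidden. The function names, the trusted-host list and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the one genuine sign-in host and the
# link shortener named in the article.
TRUSTED_HOSTS = {"accounts.google.com"}
SHORTENER_HOSTS = {"bit.ly"}


def _squash(host):
    """Drop '.' and '-' so hosts differing only in separators compare equal."""
    return host.replace(".", "").replace("-", "")


def classify_login_link(url):
    """Return (verdict, reasons) for a link that claims to lead to a sign-in page."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []

    if parts.scheme != "https":
        reasons.append("not HTTPS")

    if host in SHORTENER_HOSTS:
        # The real destination is unknown until the short link is expanded.
        reasons.append("shortened link hides the real destination")
        return "unresolved", reasons

    if host in TRUSTED_HOSTS:
        return ("trusted" if not reasons else "suspicious"), reasons

    for trusted in sorted(TRUSTED_HOSTS):
        if _squash(host) == _squash(trusted):
            reasons.append(f"{host} imitates {trusted}")
            return "lookalike", reasons

    reasons.append(f"{host or 'missing host'} is not a known sign-in host")
    return "untrusted", reasons


# Constructed sample links (only the hostnames come from the article).
SAMPLES = [
    "https://accounts.google.com/signin",
    "http://accounts-google.com/signin",
    "http://bit.ly/EXAMPLE",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", classify_login_link(link))
```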

Once Democratic Party officials entered their information into the fake Gmail page, Fancy Bear had access to not just their email accounts, but to the shared calendars, documents, and spreadsheets on their Google Drive. Among those targeted, said Burdette, were Clinton’s national political director, finance director, director of strategic communications, and press secretary. None of Clinton’s staff responded to repeated requests for comment from BuzzFeed News.

CORRECTION

The hacks targeted the Democratic National Committee. A previous version of this article incorrectly identified the Democratic National Convention as the target.

Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F

Contact Sheera Frenkel at sheera.frenkel@buzzfeed.com.
