Emmanuel Marshall 17 July 2018 15:24:18 AEST 5 MIN READ

Indictment: 2016 Democrat campaign hacked using phishing

A July 13 Washington Post  article reported the indictment of 12 Russians accused of hacking the US Democratic Party in 2016.

The indictment documentation includes detailed information about the process the accused Russian hackers allegedly used to gain access to Democratic Party email accounts and networks.


This is a fascinating case from a cybersecurity POV. The most attention-grabbing detail is that phishing was one of the principal tools used by the accused hackers.

The Washington Post reports that in March 2016 “Clinton campaign chairman John Podesta and others were sent ‘spear-phishing’ emails to steal the login credentials for their email accounts.”

According to the Washington Post, hackers then used the credentials they harvested to access Podesta’s account and steal “over 50,000 emails.” They also used social media research and phishing emails to hack the accounts of other senior Democratic campaign staffers.

In April 2016, the Washington Post reveals, Clinton campaign staffers received an email that seemed to come from a fellow team member.

“Hackers allegedly sent a link to an Excel document named ‘hillary-clinton-favorable-rating.xlsx,” the post reports, “from an email account meant to look like a member of the Clinton campaign team.”

Clinton staffers who opened the malicious Excel document were directed to a dummy website that stole their personal data; a site controlled by a Russian intelligence organisation.

The tactics employed by the alleged Russian hackers are exactly the same kind of social engineering techniques criminals use to defraud businesses; malicious phishing emails disguised as friendly messages from known senders.


How does phishing work?

Phishing is a hacking tactic used by criminals to harvest login credentials and other sensitive data.

MailGuard CEO Craig McDonald talked about phishing in a recent blog post and described the process:

180607-skeleton-1“A phishing attack typically starts with an email which purports to be a notification from a well-known company like a bank or other service provider. A phishing email will contain some sort of message that induces the recipient to click on a link to a fake login page set up by the criminals behind the fraud. The login page will look and behave like a real online portal, but its sole purpose is to collect the victim’s username and password so that the criminals can exploit their account...

The cybercriminals who perpetrate phishing attacks are able to execute devastating BEC scams and CEO fraud attacks.”

Phishing is a devastating cybercrime tactic because it gives attackers a back door right into the inner workings of an organisation. Every company’s daily operations involve thousands of email interactions and people trust very sensitive information to messages they believe to be confidential.

> Read Craig McDonald’s full article on phishing and BEC fraud, here.


Unprotected email is vulnerable to attack

It’s evidence of the power of phishing that it has been identified by investigators as the tool that enabled hackers to pry open the secrets of the 2016 US Democratic campaign.

A recent survey of Australian companies showed that phishing presents a clear threat here, as well. The 2018 AusCERT Survey report found that “phishing and email attacks are still the most prevalent form of cybersecurity incidents, followed by ransomware and malware coming in a close second and third.” The report states that “Phishing emails are the most widely used infection vector employed by 71% of all threat actor groups… Businesses are targets and are generally underprepared.”


Defend your inbox with MailGuard

Phishing attacks can be enormously costly and destructive and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company, now.

Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious email entering your network.

Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates