News Other

How Russian hackers infiltrated the DNC and how you can prevent getting phished

You_Have_Been_Hacked!.jpg

On Friday, Robert Mueller, Special Counsel for the United States Department of Justice, indicted 12 Russian spies for their involvement in the hacking of the Democratic National Committee network and the distribution of private emails and information related to the network. It was part of Russia's efforts to manipulate the 2016 US presidential election. Mueller's investigation details how these hackers managed to gain access to the DNC network, and it serves as a warning to us all.

According to a report by VOX, "It started with a single spear phishing email; a personalized, targeted hacking attempt sent to an employee at the Democratic Congressional Campaign Committee. Once inside the DCCC network they were also able to gain access to the DNC using malware on employee’s computers."

During a period of just over a year, hackers flooded specific email accounts with phishing messages that posed as official notifications from Google. Below is one such example of an email sent to Hillary Clinton's campaign aide, William Rinehart.

phising email.jpg

Looks familiar, doesn't it. Hackers will use popular sites like Google, Netflix, the PlayStation Network, and so on, to trick people into believing that something is wrong with their subscription and that they need to reset their password or other information. The moment you click on the link, the hacker has access to your device. These phishing emails will include information like your name and a subscription you belong to, so you'll believe it is legit.

According to VOX, a staggering 91% of cyberattacks start with a phishing email scam. The big Sony hack of November 2014 is one such example. The Democratic Congressional Campaign Committee network breach started with a single email like the above example where an employee was asked to change her password and login details. The Russian hackers behind the email took screenshots of her changing the details, as well as used a keylogger to track exactly what she typed. So, when she logged into her DCCC account, they could log in as well. One email breach gave them access to everything on the DCCC network - opposition research, private emails, you name it. Not only did they gain access to information, they also installed malware on nine other computers on the DCCC network.

One of these computers had access to the Democratic National Committee network, and the hackers were able to the breach the larger network. It had a snowball effect and they stole thousands of emails which Wikileaks then leaked online for everyone to read. The Clinton campaign was crippled.

So how do you tell the difference between a spear phishing  email and a legitimate one, and how do you prevent getting hacked?

Two-factor authentication is a good start, but it is not enough. Firstly, check the URL to see if it is legitimate, that it contains the proposed company's credentials. Secondly, don't access your account directly from the email link, go to the official website, be it your PlayStation Network login, Google, or Netflix accounts. VOX reports that 56% of people who fall for phishing scams do so from a message they receive directly on their cell phone. Don't click on it, if it looks suspicious it probably is.

The video below gives a quick rundown of the DCCC and DNC network breaches and how to prevent hackers from getting to you, too.

Han: Twitter / GameZone: Twitter Facebook | Instagram | YouTube


"It started with a single spear phishing email"

Other news from around the NET:

Recent Comments

Community on Disqus

Latest Reviews

Forza Horizon 4 Review

Forza Horizon 4 Review

 

With a gorgeous open world, epic car roster and a new seasonal system, this year's Forza is the best...

V-Rally 4 Review

V-Rally 4 Review

 

V-Rally 4 delivers some great off-road racing that all rally fans will enjoy.

comments powered by Disqus