b*****d Posts: 61690
[The following text is reposted from the USANews board]
From: brihand (brihand), Board: USANews
Subject: The Hillary team's IQ is worrying: a hack caused by one typo
Site: BBS 未名空间站 (Tue Dec 13 16:15:58 2016, US Eastern)
The hack and eventual release of a decade’s worth of Clinton campaign head
John Podesta’s emails may have been caused by a typo, reports the New York
Times.
On March 22, Podesta received an email purportedly from Google saying
hackers had tried to infiltrate his Gmail account. When an aide emailed the
campaign’s IT staff to ask if the notice was real, Charles Delavan replied
that the email was “a legitimate email” and that Podesta should “change
his password immediately.”
The email was not legitimate. It was a phishing email that ultimately
revealed Podesta’s password to hackers. Soon after, WikiLeaks began
releasing 10 years of Podesta’s emails.
Delavan told the Times he had intended to type “illegitimate,” a typo he
still has not forgiven himself for making.
Instead of telling the aide that the email was a threat and that a good
response to the threat would be to change his password on Google’s real
website, he had inadvertently told the aide to click on the fraudulent
email and give the attackers access to the account.
In late October the firm SecureWorks identified a Bit.ly account and
Wikileaks-released email that appeared to have been used to attack
Podesta’s account.
The Bit.ly service shortens web addresses, which can make them easier to
share – and less likely to set off malicious website alarms. SecureWorks
found a Bit.ly account being used by hackers containing links to a spate of
phishing sites with victim information encoded in the web address.
SecureWorks soon found the email, and Delavan’s response, in the Wikileaks
archive.
The Podesta leaks dominated the news cycle towards the end of the campaign,
and included then-CNN contributor Donna Brazile giving the Clinton camp
advance warning of questions Clinton would be asked during primary debates.
Brazile is now acting chair of the Democratic National Committee.