Going Phishing: How Clinton’s Campaign Chairman Did the Right Thing But His Email Was Still Breached

Pathlock
November 3, 2016

The breach at Sony should have been a red flag that emails aren’t as safe as we may think they are. The hack led to the release of countless employee emails that were not only damaging to the company but embarrassing to individuals as well. Jobs were lost, but the country ate up all that behind-the-scenes gossip. People ignored the fact that these emails were illegally obtained and distributed because it made for a good story. And now that story continues with the WikiLeaks release of a treasure trove of emails from the Democratic National Committee and Hillary Clinton’s campaign chairman, John Podesta.

Now details have emerged on how Podesta’s emails were breached and, as it turns out, he took the right steps to protect himself. Podesta received an email that looked like it came from Google’s security team, making him aware of a breach attempt from the Ukraine and telling him that he had to change his password. (Word to the wise – if you receive an email like this and think that it’s real, go directly to the web site and log in. DO NOT click on the link in the email!) Instead of clicking on the link, Podesta forwarded it to the Clinton campaign’s operations help desk to review. Soon after the email was checked, Podesta received a reply that it was authentic and that he needed to change his password immediately. So he took the right steps, forwarded it to someone who should have known better, and then was given the approval to click on the link and change his password.

And that was a BIG TIME blunder. Shockingly (unfortunately there is no Sarcastic font), it turned out it was a phishing email and Podesta took the bait. He followed the link, changed his password, and… voila… we are all now able to read every email he sent and received on the account. Indications are that Podesta was personally targeted and that it was a well-crafted phishing email. And if Sony’s breach wasn’t enough to wake executives up to the threat, this should be treated like Reveille at 5AM.

It’s time to get up and do something! Although Podesta was using Gmail, executives need to be concerned about their corporate email accounts. Clicking on a phishing email like this at the corporate level typically results in malware being placed on the system. The malware may then change the network traffic behavior of a computer. For example, it could start pinging a command and control server at an unusual IP. It could also start using a protocol or port not usually used for any typical services. If the infected computer is always connected via the corporate network, then there should be network boundary solutions (IDS/IPS) to detect connections to unusual IPs or ports. Pathlock’s Cyber Governance solution then aggregates information from the boundary solutions and the computer configuration to report on unusual user behavior to external networks and non-compliant secure configurations, raising the red flag that there may be a breach. It’s a necessary step in protecting corporate emails when these phishing emails have been shown to be very successful time and again! Contact Pathlock to learn more about protecting your enterprise from breaches.
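The boundary check described above, flagging a host that starts talking to a destination or port it has not used before, is sketched below as an added example; it is not Pathlock's code and not part of the original post. The flow-record format, the 10.0.0.0/8 internal range and every address in the sample logs are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate address range
# Constructed flow records (not real traffic): "timestamp src dst dst_port proto"
BASELINE_LOG = """\
2016-10-31T09:00:01 10.0.5.23 198.51.100.7 443 tcp
2016-10-31T09:00:04 10.0.5.23 198.51.100.9 443 tcp
2016-10-31T09:02:00 10.0.5.40 198.51.100.7 443 tcp
"""
TODAY_LOG = """\
2016-11-01T09:00:02 10.0.5.23 198.51.100.7 443 tcp
2016-11-01T09:05:00 10.0.5.23 203.0.113.66 443 tcp
2016-11-01T09:05:30 10.0.5.23 203.0.113.66 8081 tcp
2016-11-01T09:06:00 10.0.5.23 10.0.0.99 445 tcp
2016-11-01T09:07:00 10.0.5.40 198.51.100.7 443 tcp
"""

def parse(log):
    """Yield (src, dst, port, proto) for flows that leave the internal range."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed records
        _, src, dst, port, proto = parts
        if ipaddress.ip_address(dst) in INTERNAL:
            continue  # only outbound traffic crosses the network boundary
        yield src, dst, int(port), proto

def build_baseline(log):
    """Per-host sets of external destinations and (port, proto) pairs seen before."""
    dests, services = defaultdict(set), defaultdict(set)
    for src, dst, port, proto in parse(log):
        dests[src].add(dst)
        services[src].add((port, proto))
    return dests, services

def find_anomalies(baseline, log):
    """Return (src, dst, port, proto, new_dst, new_service) for unusual flows."""
    dests, services = baseline
    alerts = []
    for src, dst, port, proto in parse(log):
        new_dst = dst not in dests.get(src, ())
        new_svc = (port, proto) not in services.get(src, ())
        if new_dst or new_svc:
            alerts.append((src, dst, port, proto, new_dst, new_svc))
    return alerts

if __name__ == "__main__":
    print(*find_anomalies(build_baseline(BASELINE_LOG), TODAY_LOG), sep="\n")
```

A host with no history alerts on every outbound flow, so the baseline window needs to cover normal activity for each machine before the output is treated as a signal.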