Posted on 06/28/2016 10:14:34 AM PDT by yoe
SecureWorks® Counter Threat Unit (CTU) researchers track the activities of Threat Group-4127[1] (TG-4127), which targets governments, military, and international non-governmental organizations (NGOs). Components of TG-4127 operations have been reported under the names APT28, Sofacy, Sednit, and Pawn Storm. CTU researchers assess with moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government.
[snip] The Hillary for America presidential campaign owns the hillaryclinton.com domain, which is used for the campaign website (www.hillaryclinton.com) and for email addresses used by campaign staff. An examination of the hillaryclinton.com DNS records shows that the domain's MX records, which indicate the mail server used by the domain, point to aspmx.l.google.com, the mail server used by Google Apps. Google Apps allows organizations to use Gmail as their organizational mail solution.
TG-4127 exploited the Hillary for America campaign's use of Gmail and leveraged campaign employees' expectation of the standard Gmail login page to access their email account. When presented with TG-4127's spoofed login page (see Figure 1), victims might be convinced it was the legitimate login page for their hillaryclinton.com email account.
(Excerpt) Read more at secureworks.com ...
So they are picking up passwords for email accounts?
We are in a time of war.
Give her a fair trial; then hang her.
Both 0bummer & Klintoon should be charged, tried, convicted, sentenced and executed.
Google accounts, which includes their email.
Clinton's campaign is using Google Apps, which hosts email, shared storage, document editing, etc. for a corporate workgroup.
I haven't used my Google email for a while -- their spam filter wasn't working well, and I switched to iCloud. But, I enabled two-factor authentication long ago: after entering the password, a 6-digit number must be entered, using the Google Authenticator app on my phone.
I don't know if it would have prevented this fake page from reusing the credentials at that moment, but it would have prevented the credentials from being reused afterwards.
Why the hell are they using Google for their email account instead of their own secure server?....oh wait, never mind.