{"id":8376,"date":"2017-05-06T20:34:20","date_gmt":"2017-05-07T00:34:20","guid":{"rendered":"https:\/\/spinor.info\/weblog\/?p=8376"},"modified":"2017-05-06T20:34:20","modified_gmt":"2017-05-07T00:34:20","slug":"russian-hacking-and-the-podesta-e-mails","status":"publish","type":"post","link":"https:\/\/spinor.info\/weblog\/?p=8376","title":{"rendered":"Russian hacking and the Podesta e-mails"},"content":{"rendered":"<p>One of the major events during last year&#8217;s presidential campaign was the <a href=\"https:\/\/wikileaks.org\/podesta-emails\/emailid\/34899\">hacking of e-mails<\/a> of the Democratic National Congress. In particular, the hacking of the e-mails of campaign chairman John Podesta.<\/p>\n<p>How it happened is simple. Podesta received a bogus e-mail, purportedly from Google, that there was an unauthorized attempt to log in to his account, and that he should change his password. A helpful link in the form of a button was provided.<\/p>\n<p>Podesta&#8217;s assistant was suspicious and asked for expert help. The expert inadvertently described the e-mail as &#8220;legitimate&#8221; (presumably, he meant to write &#8220;not legitimate&#8221; or &#8220;illegitimate&#8221;) but advised that Podesta should change his password, and provided the correct (Google) link for password changes.<\/p>\n<p>The assistant forwarded the e-mail to Podesta, adding in her own words that &#8220;The gmail one is REAL&#8221;. This prompted Podesta to change his password&#8230; using the fraudulent link provided to him in the original message. By doing so, Podesta inadvertently disclosed his e-mail password to Russian hackers.<\/p>\n<p>How do we know that they are Russian? There are many reasons to believe this to be the case, but I just noticed another peculiarity. (It is possible that I am not the first to notice this, of course.) 
Look at the subject line of the Podesta e-mails:<\/p>\n<p style=\"padding-left: 30px;\"><strong>Subject<\/strong>:\u00a0S\u043eme\u043ene has your passw\u043erd<\/p>\n<p>Now try searching for the word &#8220;Someone&#8221; on this page using your Web browser&#8217;s built-in search feature (hitting Control-F activates this feature in most browsers). Can you see (or rather not see) how nothing in this Subject line is highlighted?<\/p>\n<p>That is because several of the o&#8217;s in this subject line were typed on a Cyrillic keyboard, and they are Cyrillic characters. A Cyrillic &#8216;\u043e&#8217; appears very much the same as a Latin &#8216;o&#8217;, but it has a different code (hexadecimal 043e as opposed to 006f):<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-8377\" src=\"https:\/\/spinor.info\/weblog\/wp-content\/uploads\/2017\/05\/podesta-hexdump.png\" alt=\"\" width=\"737\" height=\"212\" srcset=\"https:\/\/spinor.info\/weblog\/wp-content\/uploads\/2017\/05\/podesta-hexdump.png 737w, https:\/\/spinor.info\/weblog\/wp-content\/uploads\/2017\/05\/podesta-hexdump-300x86.png 300w\" sizes=\"(max-width: 737px) 100vw, 737px\" \/><\/p>\n<p>Funny thing is&#8230; I got this subject line straight from Wikileaks. You know, the same Wikileaks who are protesting high and low that the e-mail dump is not from Russia. Yet on their very own Web site, the e-mails that resulted in the Podesta hack contain Cyrillic characters. Go figure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the major events during last year&#8217;s presidential campaign was the hacking of e-mails of the Democratic National Congress. In particular, the hacking of the e-mails of campaign chairman John Podesta. How it happened is simple. 
Podesta received a bogus e-mail, purportedly from Google, that there was an unauthorized attempt to log in to <a href='https:\/\/spinor.info\/weblog\/?p=8376' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[51,5],"tags":[],"class_list":["post-8376","post","type-post","status-publish","format-standard","hentry","category-computer-security","category-politics","category-51-id","category-5-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/spinor.info\/weblog\/index.php?rest_route=\/wp\/v2\/posts\/8376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/spinor.info\/weblog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/spinor.info\/weblog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/spinor.info\/weblog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/spinor.info\/weblog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8376"}],"version-history":[{"count":5,"href":"https:\/\/spinor.info\/weblog\/index.php?rest_route=\/wp\/v2\/posts\/8376\/revisions"}],"predecessor-version":[{"id":8382,"href":"https:\/\/spinor.info\/weblog\/index.php?rest_route=\/wp\/v2\/posts\/8376\/revisions\/8382"}],"wp:attachment":[{"href":"https:\/\/spinor.info\/weblog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/spinor.info\/weblog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/spinor.info\/weblog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}