Hillary Clinton's campaign chief probably handed access to his personal email account to hackers in March, a security research firm said Thursday, by complying with instructions they sent asking him to change his password.
A "Bitly" link included in a March 19 email in an account held by campaign chairman John Podesta led researchers at SecureWorks to make the discovery. Bitly is a service that shortens links, and the data is sometimes public. SecureWorks has traced thousands of the links to a hacking group associated with Russian military intelligence agency GRU. That group is known alternatively as Fancy Bear, Sofacy or APT 28.
The link was clicked twice after its delivery to Podesta's Gmail account, researchers told Motherboard, probably by Podesta. It led to a website controlled by the hackers that looked like Google's password reset site and that asked Podesta to change his password.
SecureWorks has been able to identify a number of Fancy Bear's targets by tracking the Bitly links. Those targets have included former secretary of state Colin Powell, whose emails were published by DCLeaks in September, as well as William Rinehart and Sarah Hamilton, both staffers on the Clinton campaign.
The fact Hamilton had been targeted was first made public by Guccifer 2.0, a self-professed Romanian hacker that the intelligence community said this month is affiliated with the Russian government. SecureWorks discovered the breach of Rinehart's account.
The reason the hackers use links that can be traced is unclear, though it does help them to ensure targets are at least interacting with their emails.
Bitly pointed out in a statement that it is not able to discern regular users from hackers. "The links and accounts related to this situation were blocked as soon as we were informed. This is not an exploit of Bitly, but an unfortunate exploit of Internet users through social engineering.
"It serves as a reminder that even the savviest, most skeptical users can be vulnerable to opening unsolicited emails," Bitly said.
WikiLeaks has released more than 20,000 emails obtained from Podesta's Gmail account this month, and has said as many as 30,000 more are forthcoming.