“What’s really important about WikiLeaks is that the Russian government has engaged in espionage against Americans,” Hillary Clinton said at the third presidential debate on Wednesday night.
“They have hacked American websites, American accounts of private people, of institutions. Then they have given that information to WikiLeaks for the purpose of putting it on the Internet. This has come from the highest levels of the Russian government, clearly, from Putin himself, in an effort — as 17 of our intelligence agencies have confirmed — to influence our election,” she continued.
WikiLeaks assailed Clinton’s claim via Twitter on Thursday afternoon:
WikiLeaks got a little backup from a somewhat surprising source, as Politico gave Clinton’s statement a mostly negative fact-check. While they were willing to accept the “17 intelligence agencies” tally, they pointed out that contrary to Clinton’s assertions, those agencies have not stated that Vladimir Putin personally ordered any such operation. Fingers were pointed at “Russia’s senior-most officials,” but not Putin himself.
More importantly, Politico notes that “while the intelligence community said that leaks earlier this year from WikiLeaks were ‘consistent with the methods and motivations of Russian-directed efforts,’ it has not directly tied the recent WikiLeaks release of Clinton campaign chair John Podesta’s personal emails to Russia. When Clinton made these remarks during the debate, she was responding to a question on the content of the Podesta leaks.”
However, on Thursday afternoon, Politico reported cyber-security firm SecureWorks and information-technology website Motherboard said they had found evidence strongly suggesting Russia’s “Fancy Bear” military hacking unit was involved in compromising Podesta’s email:
According to the cybersecurity firm SecureWorks, Podesta unwittingly gave Russian hackers access to his Gmail account by clicking a Bitly link that redirected him to a fake Google login page, where he entered his credentials.
The fake Google domain in that link — first reported Thursday by Motherboard — matches one the hacker group Fancy Bear has employed in a wide-ranging spear-phishing campaign that has also targeted major U.S. political institutions, Clinton campaign figures and other top officials.
“The Google-spoofing domain in the Motherboard article is one we observed used by Fancy Bear,” SecureWorks researcher Tom Finney told POLITICO in an email.
Security researchers have long tied Fancy Bear to Russia’s military intelligence agency, the GRU.
Motherboard, which said the same hackers used the same technique to compromise former Secretary of State Colin Powell’s email, posted images of the code from Bitly (a link-shortening service). They said it came from a batch of 9,000 spear-phishing links sourced to two accounts linked to Fancy Bear, which evidently “forgot to set those accounts to private,” a “grave mistake” which allowed investigators to trace much of their activity.
The same security researchers found evidence that those Bitly accounts were used to target 108 email addresses pulled from Hillary Clinton’s email server.
“None of this new data constitutes a smoking gun that can clearly frame Russia as the culprit behind the almost unprecedented hacking campaign that has hit the DNC and several other targets somewhat connected to the U.S. presidential election,” Motherboard concedes, speculating that intelligence agencies may have “data no one else can see.”