@nimh,
Where there is a will there is a way; I imagine the Russians have found a way around the DKIM. At least our intelligence agencies seem to think so.
The following seems to suggest it was through getting Rinehart Jr.'s password, and then sending a message to Rinehart from a (not really) Google account telling Rinehart someone attempted to use his password and he needs to change it. From there a faux route was sent and that is how the DNC was leaked. So he would be using a false address in his emails.
Does a BEAR Leak in the Woods?
Guccifer 2.0: Using DCLeaks, but Quietly
Quote:On June 27, 2016, The Smoking Gun (TSG) received a series of emails from Guccifer 2.0 (guccifer20@aol[.]fr) with the subject “leaked emails”. Most of the messages were sent from the Russia-based Elite VPN IP address 95.130.15[.]34 (located in France) as previously highlighted in our blog post. Some of the emails were sent from another probable Elite VPN IP address 208.76.52[.]163 (Miami, FL). The messages were not spoofed as they passed Sender Policy Framework (SPF) and Domain Key Identified Mail (DKIM) checks. Within the message thread the Guccifer 2.0 persona offered exclusive access to private Clinton campaign emails.
Quote:At the time of this writing, DCLeaks maintains a protected page for Billy Rinehart Jr. – a regional field director for the DNC. Seeing this, The Smoking Gun reached out to Rinehart and obtained a copy of the spearphish used to gain access to his email account. Rinehart was targeted with a spearphish on March 22, 2016 in a timeline and manner matching FANCY BEAR activity initially reported by Secureworks (Secureworks refers to the group as TG-4127). The mid-June 2016 report detailed specific targeting of Google accounts.
Quote:The email message was sent from an individual spoofing the legitimate “[email protected]” account and contained the subject “Sоmeоne has your passwоrd.” The spearphish message was actually sent from hi.mymail@yandex[.]com, an email address from the Moscow-based webmail provider Yandex. The message appeared to be a security notification from Google which alerted the user with the following content:
Quote:The image of the email shown above was reconstructed from offline content, so not all images and formatting are displayed as in the original online version. The faux message contained a link to a bit.ly shortened URL. According to bit.ly, the link was only clicked once during the week of March 20 – the week it was sent.
The bit.ly link would redirect the user to a faux Google URL myaccount.google.com-securitysettingpage[.]ml where the user would then input their credentials into a credential phishing page. The URLs were specifically crafted with encoded strings that were specific to the targeted victim, a technique that was also highlighted within the Secureworks research. Based on this, we assess with high confidence that Rinehart interacted with the malicious link and unknowingly passed his credentials to the attackers.
In any event, to me, that is not even the point. Frankly I could care less if they are valid or not. So Brazile gave Hillary an answer to a question and Hillary used it. I mean considering the alternative to Hillary, who really cares? I know I don't. Fine her and fire her. I don't care. To me the bigger issue is the Russian interference in our elections and the risk to our future cyber security. It should be a big concern. This time it was to a useful scapegoat with a lot of baggage and not real ethical behavior sometimes. I was originally for Biden and really wished he ran, but between Bernie and Hillary, I thought and still think Hillary was the most qualified to be president in this day and age of our dangerous times; and between her and Trump, please; now he is talking about a nuclear arms race. Next time it could be anything, something even more important. That should be the main issue.
But thank you for the links, it was useful.
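
Added example (not part of the post or the quoted report): the look-alike host myaccount.google.com-securitysettingpage[.]ml and a subject line imitating a Google alert, both described in the quoted report, can be flagged on the receiving side with checks like the ones below. The allow-list, the function names, and the sample subject built with Cyrillic "о" are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: brand domains to protect; extend for your own environment.
TRUSTED_DOMAINS = {"google.com"}
# Constructed sample: Latin text with Cyrillic U+043E in place of "o".
SUBJECT = "S\u043eme\u043ene has your passw\u043erd"


def hostname_of(url: str) -> str:
    """Return the lower-cased hostname, undoing report-style [.] defanging."""
    url = url.replace("[.]", ".")
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def embeds_trusted_domain(url: str) -> bool:
    """True when a trusted domain is spelled out inside the hostname but the
    hostname is not that domain or a real subdomain of it."""
    host = hostname_of(url)
    if any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS):
        return False  # genuinely under a trusted domain
    labels = host.split(".")
    for trusted in TRUSTED_DOMAINS:
        t = trusted.split(".")
        for i in range(len(labels) - len(t) + 1):
            window = labels[i:i + len(t)]
            last_ok = window[-1] == t[-1] or window[-1].startswith(t[-1] + "-")
            # Matches "google.com.<other>" and "google.com-<text>.<other>".
            if window[:-1] == t[:-1] and last_ok:
                return True
    return False


def mixed_script_words(text: str) -> list:
    """Return words whose letters come from more than one Unicode script."""
    flagged = []
    for word in text.split():
        scripts = {unicodedata.name(ch, "").split(" ")[0]
                   for ch in word if ch.isalpha()}
        if len(scripts) > 1:
            flagged.append(word)
    return flagged


if __name__ == "__main__":
    print(embeds_trusted_domain("myaccount.google.com-securitysettingpage[.]ml"))
    print(mixed_script_words(SUBJECT))
```

Checks like these complement SPF and DKIM, which authenticate the sending domain but say nothing about where a link in the body leads.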