This morning, President-elect Donald Trump continued to push back on the pervading narrative that Russian hackers interfered with the presidential election by leaking emails from the Democratic National Committee and high-ranking official John Podesta. He cited a quote from WikiLeaks founder Julian Assange, who spoke to Sean Hannity on Fox News on Tuesday evening.
Assange also claimed that the Russian government was not the source who provided him with the cache of emails. “Our source is not a state party,” Assange said, the semantic precision of which does not contradict the belief that third-party hackers worked in concert with Russian government directives.
The argument, as Trump presents it, lays fault at the feet of the DNC. Asserting that their security measures were inadequate is not incorrect — Podesta was felled by a spearphishing scheme requiring his participation. But the thrust of Trump’s pushback on the infiltration, which the intelligence community and the current president of the United States strongly believe happened, is that hacking is apparently so easy that a child could do it. This is not a new argument for Trump. During the election, Trump memorably invoked the computer usage of his 10-year-old son, Barron, as evidence of the ease of hacking.
Technically, an enterprising 14-year-old could have tricked John Podesta, but a trail of clues will lead anyone with half a brain to the conclusion that that’s not what happened. On Twitter, security consultant Matt Tait has a thorough rundown of why it’s reasonable to assume Podesta was hacked by operators working on a large scale.
It’s pretty technical, but I’ll try to sum it up in brief. Examining the shortened Bitly link in the Podesta phishing email shows a URL structure that allowed the falsified Google sign-in page to appear legitimate, autopopulating Podesta’s email address and image.
The hackers generated the shortened Bitly link in the email automatically using the Bitly API, which requires creating an account on the service. In layman’s terms, hackers automated the creation of phishing links, making a custom link for each target. Said Bitly account was, for a period of time, public, letting researchers see whom the hackers were targeting.
The techniques used against Podesta bear striking similarities to hacking techniques used against those hundreds of targets. According to researchers from SecureWorks, the hackers, known as Threat Group-4127, targeted Russian individuals. Targets outside of Russia fell into categories including military and government personnel, aviation experts, and aerospace researchers. You know, the kinds of stuff 14-year-olds love.
So, could a 14-year-old have done this? I mean, sure, but that’s like saying anyone with the ability to use a keyboard could have done this. It’s a claim so general and unsupported by the evidence as to be empirically useless. Rhetorically, however, it’s really come in handy.