
Microsoft reveals first known midterm campaign hacking attempts - bougiefever
https://www.politico.com/story/2018/07/19/midterm-campaign-hacking-microsoft-733256
======
creaghpatr
I think the press should do a better job distinguishing between hacking
attempts and phishing attempts. Phishing attempts are largely avoidable and it
would serve not just the politicians but the public to be educated on best
practices to avoid being phished.

At my previous company we were tested once a month to learn how to identify
suspicious landing pages or links/domains.

~~~
tptacek
I don't know anybody who specializes professionally in phishing that believes
this. What I hear from those kinds of people, and many others, is the
opposite: that especially when you're trying to secure an organization, the
one attack you feel helpless to prevent is targeted phishing. Technologists in
particular are apparently easy to victimize; they underestimate how malleable
the medium is, and how well sophisticated attackers understand the cues we all
rely on to evaluate the legitimacy of messages and gate the shortcuts most of
us take.

My suspicion is that anyone who downplays phishing attacks is betraying a lack
of understanding of how scarily effective targeted phishing attacks are.

~~~
shados
That's so true. Our IT dep runs "fake" phishing attacks regularly and last time
they did it I totally got caught.

They happened to send a fake error report email (which had all of the "red
flags" you should catch before clicking a link in an email) on the day I
started an oncall rotation that had me receive similar emails. I was wary of
missing one, so when I saw it coming, :click:.

I was greeted with a nice message to educate me about what I had just done and
how to avoid it. I knew all of this of course (I've worked in security!), but
it just shows how no one is foolproof.

~~~
lhuser123
If it’s that easy to fool a trained professional, imagine the rest of the
people out there. I sometimes wish I had never learned about this stuff. It’s
difficult to watch so many people clicking on fake pages or potentially
dangerous links because they can’t (or care to) differentiate between ads and
google results. Maybe I’m wrong but I think it should be regulated.

------
pandasun
I know this is about congressional campaigns, but does anyone remember this
from 2008? https://www.theguardian.com/global/2008/nov/07/obama-white-house-usa

I wonder why that never reached the same amount of outcry when Obama won.

~~~
im_cynical
"Hackers broke into the computer systems of the Barack Obama and John McCain
campaign teams during the US presidential race and stole a 'serious amount of
files' in an operation that US government cyber experts believe originated
from China."

Probably because it wasn't one foreign hostile power directly attempting to
sway one specific candidate. Or perhaps because there was no evidence or
allegations against Obama or his circle was involved in treasonous activity
with said hostile power.

~~~
mistermann
> it wasn't one foreign hostile power directly attempting to sway one specific
> candidate

Any idea where I can read more about the analysis around this determination?

~~~
pwinnski
Start with the parent comment's quote of the grandparent comment's link, which
mentions that both major parties had their files copied.

~~~
mistermann
There is no mention of a determination of what was done with it. I want to
know how he knows, is that not fair?

~~~
mistermann
HN 2018: When you can't answer a question or back up a claim, downvote.

~~~
mistermann
Oh my, aren't we persistent in our passive aggressiveness.

