The SecureWorks’ attribution of March 2016 phishing and hacking of Podesta and other DNC bosses to Russia (1, 2) by Bitly links was false. This is why.
The hackers did not need Bitly. They could insert a direct link to the phishing page. Usage of Bitly had only a downside: the risk of being exposed before the hacking campaign started, and the risk that the redirect from bit[.]ly would trigger a browser warning.
At the relevant time, Bitly shortlinks could be created and used without a Bitly account.
Bitly shortlinks in an account do not indicate that they were used. They cost no money and require very little time. Clicks are even cheaper. A smart hacker can create thousands of decoy shortlinks to hide one used for important business.
The phishing site’s log allows tracking clicks, so creating a Bitly account for that purpose is not warranted.
“GRU created a Bitly account but forgot to set it to private mode” is a fairy tale for idiots. Continue reading SecureWorks attribution of Podesta phishing to Russia was false →