Skip To Content
BuzzFeed News Home Reporting To You

Utilizamos cookies, próprios e de terceiros, que o reconhecem e identificam como um usuário único, para garantir a melhor experiência de navegação, personalizar conteúdo e anúncios, e melhorar o desempenho do nosso site e serviços. Esses Cookies nos permitem coletar alguns dados pessoais sobre você, como sua ID exclusiva atribuída ao seu dispositivo, endereço de IP, tipo de dispositivo e navegador, conteúdos visualizados ou outras ações realizadas usando nossos serviços, país e idioma selecionados, entre outros. Para saber mais sobre nossa política de cookies, acesse link.

Caso não concorde com o uso cookies dessa forma, você deverá ajustar as configurações de seu navegador ou deixar de acessar o nosso site e serviços. Ao continuar com a navegação em nosso site, você aceita o uso de cookies.

Russian Hackers Faked Gmail Password Form To Invade DNC Email System

A new report reveals the method used by Fancy Bear, a Russian government hacking group, to get inside the systems of the DNC and senior Clinton staff.

Last updated on October 15, 2016, at 1:41 p.m. ET

Posted on October 15, 2016, at 10:41 a.m. ET

Saeed Khan / AFP / Getty Images

Hillary Clinton with Russian President Vladimir Putin in the background

SAN FRANCISCO — Russian hackers used emails disguised to look as Gmail security updates to hack into the computers of the Democratic National Committee (DNC) and members of Hillary Clinton’s top campaign staff, according to a report by the SecureWorks cybersecurity company.

The emails, which were sent to DNC and Clinton staff from March 10, appeared almost identical to the standard warnings Gmail users get asking them to reset their passwords, the report found. Once clicked, the links took users to a page that imitated a Google login page, but which was stealing their password information — and downloading malware — designed by a group of Russian hackers known as Fancy Bear.

The emails were sent to 108 members of Democratic presidential nominee Hillary Clinton’s campaign and 20 people clicked on them, at least four people clicking more than once, Secureworks’ research found. The emails were sent to another 16 people from the DNC and four people clicked on them, the report said.

Researchers found the emails by tracing the malicious URLs set up by Fancy Bear using Bitly, a link shortening service. Fancy Bear had set the URL they sent out to read, rather than the official Google URL,, the report said.

“We were monitoring and saw the accounts being created in real time,” said Phil Burdette, a senior security researcher at SecureWorks, explaining how they stumbled upon the the URLs set up by Fancy Bear.

“They did a great job with capturing the look and feel of Google,” said Burdette, who added that unless a person was paying clear attention to the URL or noticed that the site was not HTTPS secure, they would likely not notice the difference.

Once Democratic Party officials entered their information into the fake Gmail page, Fancy Bear had access to not just their email accounts, but to the shared calendars, documents, and spreadsheets on their Google Drive. Among those targeted, said Burdette, were the Clinton’s national political director, finance director, director of strategic communications, and press secretary. None of Clinton’s staff responded to repeated requests for comment from BuzzFeed News.


The hacks targeted the Democratic National Committee. A previous version of this article incorrectly identified the Democratic National Convention as the target.

  • Picture of Sheera Frenkel

    Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F

    Contact Sheera Frenkel at

    Got a confidential tip? Submit it here.

A BuzzFeed News investigation, in partnership with the International Consortium of Investigative Journalists, based on thousands of documents the government didn't want you to see.