The indictments filed on July 13 by the Special Counsel Robert Mueller reveal an astonishing amount of detail about the Russian hackers.
Steve Gibson talks about the level of details in these indictments in episode 672 "Security Now Podcast" starting at 1:26. This LINK should take you to the right moment in the podcast saving you the trouble of having to chew through the entire document while adding some humor and perspective.
In hindsight, the complete hack of the DNC starts with an email containing a link to a spoofed website asking the user to reset the password.
Reading this I am banging my head against my 27" iMac wandering if people will ever learn not to follow links in their emails. A specially the ones asking to change passwords or log into your account!
I blame their admin for the failure not to enforce 2 Factor Authentication using software like 1Password, Google Authy and the like. Even better use Yubikey's. Further, the admin could have disabled the option for the users to change the password themselves and use robust passwords.
Given enough resources, anything can and will be hacked, but it should not have been so easy to get a flying start into hacking an entire network. Using strong passwords and 2-factor authentication dramatically raises the bar.
Contact me if you would like to upgrade the security of your email, and other online accounts.