How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts (vice.com) 116
An anonymous reader quotes a report from Motherboard: On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the U.S. government, believe are spies working for the Russian government. At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account. The data linking a group of Russian hackers -- known as Fancy Bear, APT28, or Sofacy -- to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks. All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with Bitly account linked to a domain under the control of Fancy Bear. The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link. Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta. According to Bitly's own statistics, that link, which has never been published, was clicked two times in March. That's the link that opened Podesta's account to the hackers, a source close to the investigation into the hack confirmed to Motherboard. That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that's been tracking Fancy Bear for the last year. Bitly allowed "third parties to see their entire campaign including all their targets -- something you'd want to keep secret," Tom Finney, a researcher at SecureWorks, told Motherboard. Thomas Rid, a professor at King's College who studied the case extensively, wrote a new piece about it in Esquire.
Phishing, not hacking. (Score:2, Informative)
Truly, only Vladimir Putin himself could have phished some cluser's Google password.
Re:Phishing, not hacking. (Score:5, Informative)
This is SpearPhishing, a highly targeted personalized attack.
Re: (Score:2)
> On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google.
This part is funny, because Google puts a giant flag on messages that claim to be from Google saying "THIS IS NOT FROM GOOGLE DO NOT GIVE OUT PERSONAL INFO" or something like that. I probably have a dozen phishing scams in the trash at any given time.
Re: (Score:2)
Re:Phishing, not hacking. (Score:4, Funny)
Yeah, I love doing that kind of thing.
I also convince the telemarketers that I'm putting them on hold and never come back. For example, the computer repair scam? Try -
"Oh, I'm so glad you called! I have a HUGE virus problem and my computer is REALLY slow. Yeah, I'll turn my computer on for you. Just wait a few minutes, it can take 15 minutes to boot up with all those viruses. Do you mind if I put you on hold while we wait for it to finish? I'll be right back...."
Now put them on hold or mute and wait for them to hang up.
Re: (Score:3)
Oh, yes, my favourite: "Yes, I'll get ", or "Hold on, there's someone at the door". Then I see how long before they realize and hang up.
Some idiots even call back, at which time I usually explain that I was purposefully wasting their time.
Re: (Score:1)
Re: (Score:3)
I like to put on my foggy old codger act to coddle them along;
"Start...run....event....viewer.....Oh, it's not good, I'll never remember all this. Do you want me to go to the computer and you can talk me through it? Oh, that's so good of you. It takes so long to start up, my grandson built it for me, but I don't know how to use it, really.....Oh, I think it's stuck, I'll have to turn it off and turn it on again, that what he always tells me to do, hee-hee-hee...etc, etc..." ...While I fire up my here's-one-
Re: (Score:3)
Got a call from "Microsoft" a little while back. The original caller informed me my PC was in trouble and then transferred me to my Scandinavian representative, Mr Gundersen (I kid you not). Mr Gunderson spoke English with a heavy Indian accent (why he didn't speak any of the Scandinavian languages was never explained). Anyway, me, being a really dumb user, took a long time to accomplish what Mr. Gundersen wanted me to do: download and install TeamViewer.
After a good hour I finally "managed to install TV" s
Re: (Score:2)
Re: (Score:2)
I get those all the time. Phishers do include your e-mail address in e-mails, encoded or not. Spearphishing is actually targeted at a specific private app within a company, not an open, public e-mail system.
I'm here too early! (Score:3)
I was looking for the big argument about how Phishing isn't Hacking, and these guys shouldn't be called hackers!
Guess I'll have to wait...
Re: (Score:1)
Compromise: "phacking"
Ignores the issue (Score:2, Insightful)
If the DNC, Podesta, and Media, State Department, DOJ, FBI, and Hillary camp did nothing wrong there would be nothing to expose.
It really truly matters little "who" did the hacking. DNC colluded with media to install a candidate of their choosing. Super-PACs are colluding with the DNC. Clinton Foundation is mostly a front for pay-for-play and benefiting Hillary. Hillary is not the mild tempered person the media has been trying to portray her as, lies to the public, and is in it for personal power. Noth
Re:Ignores the issue (Score:5, Insightful)
Well, there are two issues here, and people love to conflate them together.
1) Spear Phishers got to Podesta, and gained access to his account. The media calls it "hacking" but it wasn't, it was social engineering. One requires expert skills in computers, the other requires basic knowledge of psychology. THIS is all on Podesta for not using 2 Factor authentication.
2) The other bit about collusion with Media, DNC, Hillary Campaign and it even ties into Project Veritas "Bird Dogging" tapes.
These are TWO separate issues, and should be addressed as such. Trump could have flipped the whole "Trump and Putin are buddies" bit by Clinton by saying "I condemn the hack. But that doesn't eliminate the horrible dirty politics of the DNC, Media and Hillary Clinton that was exposed. Hillary, how do you justify Bird Dogging my campaign?"
But Trump is an idiot. He'll never get how to flip attacks back onto the attackers. It requires a kind of mental judo he can't perform.
Re: (Score:2)
Phishing is a tool that can be used by scammers or hackers. In this case, yes, it was hacking.
Re: (Score:2)
It might be "used by hackers" but that doesn't make it hacking per se. Otherwise you muddy the terms. Phishing is exploiting human weakness. Hacking is exposing computer weakness.
It's probably a totally lost cause to get people to use the words in a meaningful way, but for those who don't subscribe to the Humpty Dumpty theory of semantics [bartleby.com], it's important to use words correctly.
Re: (Score:3)
These are TWO separate issues, and should be addressed as such. Trump could have flipped the whole "Trump and Putin are buddies" bit by Clinton by saying "I condemn the hack. But that doesn't eliminate the horrible dirty politics of the DNC, Media and Hillary Clinton that was exposed. Hillary, how do you justify Bird Dogging my campaign?" But Trump is an idiot. He'll never get how to flip attacks back onto the attackers. It requires a kind of mental judo he can't perform.
Pretty much this, with a side of, How do two candidates with such glaring deficiencies get this close to the Oval Office?
Re: Ignores the issue (Score:4, Insightful)
Part of it is idiots crossing party lines to vote for the "easiest to beat" candidate in the party they don't plan to actually vote with in the general.
I get the idea of "strategic" voting, but for the love of freedom, please only do that by voting for "least bad" in the general, rather than sabotaging All of us In the primaries.
Bullshit. Intra-party results in closed primary states mirrored those of the country as a while. There is a lot to debate how Clinton won over Sanders, but there is no debate there were a whole bunch of idiots on the other side of the fence who ENTHUSIASTICALLY went for Trump, hook, line and sinker.
One has to wonder the type of bubble one must live in to buy into that kind of tripe.
Re: (Score:1)
The problem was the crowded Republican field, and the noisiest got a higher percentage, egged on by the media who not only supports Hillary but sold lots of newspapers and air time.
Re: (Score:2)
The problem was the crowded Republican field, and the noisiest got a higher percentage, egged on by the media who not only supports Hillary but sold lots of newspapers and air time.
As a life-long Republican (not for long, I send an voter update to change to independent), I don't buy this. The noisest got a higher percentage because a higher percentage of the constituency are stupid. This is not kindergarten when the teacher ask who can scream "me!" the loudest.
This is a replay of what I saw in 2012, but just worse. Whatever I used to identify myself in the GOP, that's gone, gone for good, eaten inside out by a cancer since 2008, but with cysts growing all over it for the last 20 ye
Re: (Score:1)
Simple. Decent folks generally don't have the desire to rule over others. Creative and intelligent people find they can make more money or achieve happiness in other sectors. The few decent ones don't have the animal instinct and get chewed up and spit out or identified as a threat to the system and filtered out long before they make any headway into the political apparatus.
What you're left with are the semi-intelligent, selfish, power-hungry control freaks.
Re: (Score:2)
What you're left with are the semi-intelligent, selfish, power-hungry control freaks.
Best summary of why we need limited governance and a libertarian philosophy. Everything else leads to despotism.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
But Trump is an idiot. He'll never get how to flip attacks back onto the attackers. It requires a kind of mental judo he can't perform.
If you are so smart you should have offered to work as a consultant for $$$
Re: (Score:3)
Trump has great consultants--you can see them on TV and they obviously write great scripts.
He just doesn't listen to them.
Re: (Score:2)
Why would I support a candidate that is opposed to the ideals of Liberty? Trump is an easy foil, mainly because he is an island. Hillary on the other hand, is surrounded by other like minded despots wanting a bit of whatever rule she can hand them once she is in power. The WikiLeaks emails kind of prove this point.
Re: (Score:1)
He brought up her campaign sending thugs in to beat up people, close down highways, other potentially deadly dirty tricks. Right away Hillary's campaign fired those people and she has no knowledge of any of that. Yea, right and Bill Clinton has never violated a woman.
Media spotlight? Bulb is out, socket is broken, wires to the spotlight are cut, generator was destroyed and the fuel is contaminated. Nope, nothing to see here, move along..la la la can't hear you... la la la can't year you...
But boy, look at T
Re:Ignores the issue (Score:4, Insightful)
BTW, the first batch of Obama emails are out: https://wikileaks.org/podesta-... [wikileaks.org]
They're boring, though. Wait for later dumps.
Also, please remember that it may be illegal to view the emails [youtube.com] unless you have CNN authorization. You can learn a lot from CNN, like the fact that we already have congressional term limits [youtube.com]. Someone might want to let Wikipedia know about that [wikipedia.org].
Re: (Score:3)
Re:Ignores the issue (Score:5, Insightful)
Ah yes, the real damaging ones are just around the corner...
It's less than three weeks away, and no modern presidential candidate has ever come from this far behind at this late a date, so if Assange and Friends really are interested in tanking the Clinton campaign, to wait until this late date, AFTER millions have already cast their ballots, would be idiotic.
The alternative explanation is that there really isn't anything there so odious that it's going to make a difference, and this is just Assange's latest "Look at me!" bid.
Probably his last, too, if the rumors that Ecuador is in discussions to kick his ass out of the embassy.
Re: Ignores the issue (Score:2)
Why would the Clinton campaign risk doing anything now, when they're already cruising towards a landslide victory? Trump did a fantastic job of disqualifying himself at the debates; now all they have to do is run out he clock. To try some "October surprise" at this point would gain them very little, but if it went wrong somehow it could hurt them greatly.
Re: (Score:2)
but he also hinted at something big being released at the wikileaks 10th anniversary broadcast which turned out to be absolutely nothing.
Re: (Score:1)
I was surprised by Hillary getting full questions from CNN [wikileaks.org] and topics from Fox [wikileaks.org] before debates. I mean, I should know it's all just a sham. The media, the government, and the DNC are just a puppet show. Lies, brainwashing and propaganda. And democrats are totally fine with this because go blue team go.
So you're not worried about Brexit 2.0? (Score:2)
> It's less than three weeks away, and no modern presidential candidate has ever come from this far behind at this late a date
I can't help but note how carefully this was worded so as to evade both Dewey vs. Truman and Brexit.
Re: (Score:3)
Which, as Nate Silver pointed out, is a very poor example considering the lack of polling at the time, and the fact that even with the limited data, there was some indication of Truman pulling ahead.
http://fivethirtyeight.com/fea... [fivethirtyeight.com]
Re: (Score:2)
See also: http://fivethirtyeight.com/fea... [fivethirtyeight.com]
Re: (Score:1)
"Also, please remember that it may be illegal to view the emails unless you have CNN authorization."
lolcnn: https://popehat.com/2016/10/17/no-it-is-not-illegal-to-read-wikileaks/
Re: (Score:1)
'ER' cough , cough, even Hillary Clinton doesn't believe that and I quote "At The State Department We Were Attacked Every Hour, More Than Once An Hour By Incoming Efforts To Penetrate Everything We Had. And That Was True Across The U.S. Government', yet she choose to ignore her own words to keep secret from the rest of the US government what she was doing on her server, knowing full well of hourly attacks on the State Department, she must have had a pretty powerful reason to ignore her own words. Just to c
Re: (Score:2)
Just as a by the by, it is really bad form to "leave all of our electronic equipment on the plane, with the batteries out", for security services. Proper action is basically honey pot burner phones, given just prior to exit in a known track able state, with the user instructed, that every communication on that device will be recorded by foreign and as well as US agents and ensure all incoming communications to the device are routed for auditing to ensure no accidental leaks. As a temporary device communicat
Re: (Score:2)
Then how about the summary being incorrect? Clicking on the link did not give the attackers access, going to a fake site and giving them the current password did. If this was Gmail, how did the users not get all sorts of alerts about a new machine being logged into their account?
If the attackers did it one time, they'd only have access to past email messages. If was a recurring thing, then they'd have to access it all the time, leaving more clues that someone else was in the victim's ( chump's?) email.
If
Basement theory (Score:3)
A state-sponsered hack group wouldn't make that mistake, would they? Maybe Trump is right and it's just a 400-pound dude in his mom's basement.
Re: (Score:2)
states hide as other states all the time.
china and russia are the top ones.
happens all the time. Basically you have no way to know for sure who did it in many, many cases.
Re: (Score:2)
but the whole "bear" thing is a give away! Only Russia knows about the "bear" thing.
Re: (Score:2)
Re: (Score:1)
I can see them making this mistake... hell just look at all the cluster f*cks the US governments does on a regular basis. But I'm not convinced by the evidence that everyone is throwing out that this is a state sponsored agency.
They targeted government and military targets! Obviously independent hackers would never go after these types of targets.
Guccifer 2.0 said he's in the Ukraine but there are documents in Russian! Russian is the native language for ~30% of Ukrainians. And, anyone over a certain age
Re:Basement theory (Score:5, Insightful)
Circumstantial may mean there's a question mark, but it doesn't mean "no evidence at all". Certainly Russia would gain greatly from a President who was less willing to stand behind the US's European allies, and who, all in all, would likely represent a more inward-gazing US. Russia has no hope in hell of ever militarily dominating the West, but if it can divide, then it gains a great deal of strategic space.
Clinton's victory means the general policy towards Russia that has, by and large, been the US's strategy since the Truman Administration, remains intact, so it is clearly in Russia's interest to try to help the person that at least might represent a break with that strategy.
Yes, it is circumstantial, and there is a possible counterargument that not even Putin actually would want someone as potentially unpredictable as Donald Trump in the White House, but I still lean towards Russia wanting a more isolationist Administration in the White House, much as it wants the European Union and NATO to be weakened. These three entities; the US, the EU and NATO represent significant checks on Russia's ability to project its power, and if any or all of them can be weakened or eliminated, it is of enormous strategic advantage to Russia.
Re: (Score:3)
There's no more likelihood of civil war come November 9th than there was eight years ago when Obama became President. Yes, there will be some miserable losers, and this time they'll have a miserable loser in Donald Trump, but they'll do what they did eight years ago, be assholes on the Internet and get on with their lives.
Re: (Score:2)
My crazy, "deplorable" side almost hopes there is a conflict just so I can say "Trump's people are revolting!".
tl;dr (Score:1)
Phishing.
Looks like it's probably FancyBear hacking group that is responsible.
Therefore "it can only be Russians". There's no other possibility, not even aliens. /s
You can't handle the truth and you can't see the possibly classified evidence that may or may not exist. Trust us.
Re: (Score:3)
1000 shortened URLs/month is a single 'targeted' phishing group?
Nonsense. 1000 shortened URLs/month is an open account being used by many interested parties.
lets see the other 9000 targets. Bet they are clearly from all over the map. I'll further bet CNN will tell us it's illegal to look for ourselves.
Re: (Score:2)
"How Russia Pulled Off the Biggest Election Hack in U.S. History" (OCT 20, 2016 )
http://www.esquire.com/news-po... [esquire.com]
'... the firm said, worked in a way that suggested affiliation with the GRU. Cozy Bear was linked to the FSB."
All that 'immediately discovered", 'several sloppy mistakes" and emoji litter got left.
Such an easy trail of litter for "unprecedented open-source counterintelligence".
Re: (Score:2)
Re: (Score:2)
An "education" link from Goatse U will fix 'em.
"Legitimate" URL Shortening in email is stupid (Score:5, Interesting)
We have most URL shortening services blocked on our email system. It's a policy that has been in place for years - in email, it does not matter how long or ugly the URL is, it should be fully there.
If a service has a way to view the destination without actually going there, we MIGHT let it through. But even that policy needs review. Maybe we just need to crank up the SpamAssassin score by 10.0 for each one found...
Re: (Score:2, Interesting)
URL shortening is stupid everywhere. What is the point? Do people actually type out a shortened URL (vs. copy/paste).
What is the purpose of this "technology", other than accommodating Twitter?
Re: (Score:2)
Sometimes, you have to type them - among their legitimate uses.
Re: (Score:2)
The Russians did it! (Score:1)
Next we're going to hear they have weapons of mass destruction. We must attack now!
Re: (Score:2)
What was the actual vulnerability they used?
Human stupidity. 99% of the time, it works every time.
Re: (Score:2)
Speculation (Score:5, Informative)
That they sent a couple of bit.ly links that got clicked on a couple of times isn't surprising. The source claiming it's all the Russians is the same NSA source that perjured himself in front of congress.
Podesta uses the same password across every service he's on, and didn't even start changing it once his emails started pouring to the public by the thousands. It was likely exposed by a dozen other hacks.
Re: (Score:2)
shocking news: those with desk jobs nowadays actually need a minimum level of tech knowledge to not do incredibly stupid things
who knows, maybe someday people who hold such jobs will actually have to prove a minimum level of desktop computer skills, to keep dumb-asses such as Podesta off company machines. Those of us in IT could then focus on important projects instead of wiping the ass of lusers
Re: (Score:2)
rather than building expensive attempts at an idiot-proofed infrastructure (futile, I've seen bean counter idiots mess up dedicated air gapped dumb terminal finance systems), be cheaper to just not hire them.
Russian Government? Why use a contractor? (Score:3)
If the Russian Government is as good at this shit as they say, why would they outsource it to a Russian firm? That's stupid.
It's like someone wanted a big sign that said RUSSIA DID IT.
Do the TLAs really thing that the Russian Government is going to fake them out by using a Russian firm? How incompetent are our cyber investigators?
Re: (Score:2)
Incompetent? No. Corrupt!
Re:Russian Government? Why use a contractor? (Score:4, Insightful)
I would say they're both as are most people in computer security these days. You cannot identify a state-level attacker, only guess. The Stuxnet is a great example, it's "probably" the US or Israel but you can't say for certain because it leaves no trace.
I must assume given the transparency of the attack this is just a corporate-level hacking group that happened to stumble upon the motherload and probably didn't even realize for months what they had.
Re: (Score:2)
That's "mother lode".
Re: (Score:2)
Stuxnet was Isreal. They 'let it slip' * at the retirement party of the general in charge.
Whoever this is, they're having the time of their lives watching the chaos. I'd buy them a beer. If is was Russians, they would have just extorted the Democrats. This is someone doing it for the luls.
* Could be psych ops.
This AC really wants us to believe (Score:3, Informative)
Lets go back down the stories and their new Bear related findings, spies, moles, data diodes and the private sector.
Starting with "How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts"
https://motherboard.vice.com/r... [vice.com]
"It’s unclear why the hackers used the encoded strings, which effectively reveal their targets to anyone."
and finally "None of this new data constitutes a smoking gun that can clearly frame Russia"
So the first hint of something that is not very spy like?
Lets try the other link:
https://theintercept.com/2016/... [theintercept.com] (September 14 2016)
"https://theintercept.com/2016/09/13/colin-powell-emails/"
has "a hacker that many allege to have ties with Russian intelligence." and thats all.
Finally past the two slashdot links and down at
"How Russia Pulled Off the Biggest Election Hack in U.S. History" (OCT 20, 2016 )
http://www.esquire.com/news-po... [esquire.com]
Lets keep reading past the 56k modems and 1950's see whats new.
"immediately discovered two sophisticated groups of spies" They are not great spies if they are "immediately discovered" by the private sector.
"soon able to reconstruct the hacks and identify the hackers." If the entry was so easy to reconstruct, it could be anyone with the skills.
"each of the attackers seemed unaware of what the other was doing" so more than one group used methods out in the wider public at random times?
Sounds like a few different groups are active.
So groups with "immediately discovered" methods must be the GRU and KGB?
"But several sloppy mistakes"... Do spies make so many "sloppy mistakes"? Use of their own language and emoji?
The Germans added their support to 'Fancy Bear" from years ago. Well understood methods by "different" groups that the private sector was well aware of?
The "hackers forgot to set" - that sounds like spies? Such a "rapid public reconstruction" and in public so the media could follow along?
Then onto the NSA, data diodes, and a small hint at a real spy could be in play with "an old-fashioned mole passed on the tools."
How did the other data get out? "Using commercial cloud services to "exfiltrate" data out"
So we are back to ip ranges? "Confident" in URL's and all that code litter that expert "spies" left for the media, private sector and "open-source counterintelligence" to find. Don't forget the easy to find emoji as part of the litter
Re: (Score:1)
So... how's the weather in Moscow, comrade?
idiots (Score:4, Interesting)
These are the idiots who are likely going to win the election, start a cyber war with Russia, and be privy to the innermost secrets of our government. And instead of resigning, Hillary goes on whining about it's all Trump's fault.
For Hillary, it's never Hillary's fault, it's always a Russian conspiracy, or a vast right wing conspiracy, or bad luck, or "I didn't do it", or ... WDATPDIM?
It's sickening.
In the long run (Score:3)
Now we know the truth. Yes, it is a bitter stunning truth, probably harmful truth, but it is the truth. And we could start to figure out what to do about it as grown up people, as opposite to deluded children.
In the Japanese language there are two words for reality. On is a reality as it seems, and another is the reality as it actually is. We need more of the latter and not only from the US.
I do not believe these were pure hacks. I am almost sure that there were inside helpers, individuals who want us to know the reality as it is.
How oblivious do you have to be? (Score:2)
The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link.
I can sympathize with Podesta for not knowing much if anything about how the internet works, but is he so oblivious that he's never heard you shouldn't click any old link that lands in your Inbox?
Maybe Podesta and many other people just zone out when they hear the multitude of stories over the years about not trusting e-mail and not clicking on links you're unsure of.
He should at least realize that he's a high value target for hackers. He should at least have someone on his staff who would make sure he un
Re: (Score:1)
All he had to do is ask the inventor - Al Gore.
I know, I know... Couldn't resist.
NOT Russians (Score:1)
> ...believe are spies working for the Russian government.
Stop saying this. There is no proof, let alone any compelling evidence, that the Russians are orchestrating these hacks. If you believe this then you also believe North Korean hacked Sony, and a shitty anti-Mohammed movie sparked riots in Benghazi. They are lying to you.
Next up for Dipshit Podesta: (Score:1)
I really don't care how they did it. (Score:1)
An informed observer's comment on Podesta leak (Score:1)
I hesitate to post this. Last week I was at a small meeting here in Austin, TX. The speaker was a former senior U.S. intelligence official. The meeting was open and I heard nothing that I thought was classified or very surprising.
In the question period a person asked if the Podesta email leak was done by the Russians and was Putin trying to elect Trump. The speaker's answer was that the intelligence community consensus is that the Podesta leak was probably Russian in origin (I’m not sure he said
Solution is so easy (Score:1)
All Podesta had to do is run his own e-mail server then none of this would have happened. No G-mail to hack.
Heh