[heatish]

There's actually quite a lot of evidence that it was a politically motivated spear phishing campaign from FancyBears, which is most likely from Russia. So technically yes there's no definitive, smoking gun proof but "no proof for this claim" seems to be a bit dismissive of some glaring hints. It certainly wasn't just a "generic phishing page" or guessing of a weak password.

They went after quite a few politicians on both sides of the aisle and journalist's, the Podesta camp just happened to be the ones who fell for it.

https://www.secureworks.com/research/threat-group-4127-targe...

https://arstechnica.com/information-technology/2016/10/russi...

[acdha]

Just to add to this, https://en.wikipedia.org/wiki/Fancy_Bear has links to multiple security companies which have publicly drawn the link to the Russian government.

The list of targets is also convincing: various NATO organizations but also things like the World Anti Doping Agency at the time the Russian Olympic team was being disqualified from everything. You could argue that, say, China might be interested in hacking the US or France but Eastern Europe and WADA really aren’t of interest to most other major powers.

[equalunique]

Keep in mind that the companies which pointed to Russia also have contracts with the executive office of the president - i.e., making up stories to support the administration's narrative is good for business. Let's be honest, this is Washington D.C. we're talking about, and that level of collusion is nothing new. I'm sure the administration offered perks to anyone who could present convincing "evidence" of a Russian connection.

Let's also not forget that the initial Fancy Bear claim was discredited: https://www.voanews.com/a/cyber-firm-rewrites-part-disputed-...