Phishing.
A few times a year, someone I know has their Windows machine hacked. The malware goes through the person's contact list and sends each an email with some sort of proposition to click on a link. A link to share a document or change your password.
Click on the link and you end up on some www site in Poland that looks pixel perfect like a Google reset your password screen.
Unsophisticated users type in their old password, then new one and the hacker now has the password.
This is the scheme that is claimed to get into Podesta's emails. The problem is that the hacker only gets into Podesta's mailbox, not everyone else's.
Of course the hacker will go through Podesta's contact list and send out more of those Phishing emails. It's not clear how many of these highly educated academics fell for the scam, but they all would have had to to produce the entire contents of the DNC's email files stored on their mail server.
While I have seen these Phishing emails among the WikiLeaks files, there is only proof of someone clicking on the link if they admit to it. Not seen that admission yet.
That server in Poland isn't owned by the hacker crew. That would be foolish. They hacked that system so they could not be traced.
To hack servers, the hacker needs only infect one computer on the internet. The infected computer then goes about trying to hack into other computers at random. Once that computer is compromised, you now have two systems hacking the rest. Then 4, 8, 16, etc. The size of a botnet controlled by hackers can be enormous.
If the hacker controls 10,000 machines and tells them to connect to Google over and over, it's a sizable denial of service attack. In reality, 10,000 machines is a puny botnet. The hacker lets his net grow for months until they're in the millions of machines.
The tools to do this kind of thing are freely available to download. Google search might tell you some to try. I wouldn't though, because they are just as likely to hack you right there. But the hackers Snapchat, or whatever, and tell each other where to go.
It doesn't take a state sponsor to create the exploits or the hacking tools. It takes one guy with programming skills. He makes the exploit, and 12-year-olds with very little skill can download and deploy them.
The hacker tools are designed to limit detection. In fact, almost all people who've been hacked don't realize it at all. The things are incredibly devious. If you are infected, you may as well throw out the whole computer. The hacker tools are designed to install themselves in non-volatile memory (like where the system date/time are kept), hidden on your hard disk, or potentially upstream - like your wifi router or your ISP's router.
There's no reason a hacker will directly connect from his machine to any of his botnet. He'd use a proxy connected to a VPN connected to a proxy, etc. The final leg of the connection might look like Russia, or Poland, or China, but the hacker might be in New Jersey somewhere. Each VPN along the way from New Jersey to Russia to the DNC is heavily encrypted.
Like I wrote earlier, the government would have to be at every link along the way from New Jersey to DNC to prove the origin is New Jersey.
It's even trickier when the origin is a server hacked long ago with a timer that counts down and originates the mischief. It would take years of continuous surveillance of every computer on the Internet to even begin to figure out when the time bomb was set and the VPN and proxy path used to set the timer in motion.