
You can use Google's AMP that is hosted on their domain, to host a redirect, effectively using their domain to host the phishing attempt. Check the screenshots on http://motherboard.vice.com/read/how-hackers-broke-into-john...



Don't those screenshots just show domains crafted deceptively to look like Google domains? I don't see any legitimate Google ones.

> “We are approaching the point in this case where there are only two reasons for why people say there’s no good evidence,” Rid told me. “The first reason is because they don’t understand the evidence—because they don’t have the necessary technical knowledge. The second reason is they don’t want to understand the evidence.”

Is there anywhere we can see this evidence? Objectively I'm curious how an attack which consisted of basic phishing was determined to be definitively supported by the Russian government.

If they broke SHA-256 or coerced a Russian CA to generate a Google certificate, I'd agree... but using bitly and decades-old "click this link to reset your password" links? Come on.


Notice in one of the last screenshots, the link actually points to a real Google.com domain, but in the /amp/ destination, under which a tiny(cc) link was hidden and therefore fetched the content that "seemed like" it came from Google when Google merely acted as a CDN.


Ahh. I see it now. Pretty sneaky.
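
A defender-side check for the link pattern described in the thread above, added here as an example and not code from any commenter: it extracts the destination host embedded after `/amp/` in a google.com link and flags it when that host is a URL shortener. The shortener list, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumption: shorteners to flag; tiny.cc and bit.ly are the two named in the thread.
SHORTENERS = {"tiny.cc", "bit.ly"}
GOOGLE_HOSTS = {"google.com", "www.google.com"}


def amp_embedded_host(url):
    """Return the destination host embedded in a google.com/amp/ link, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    # Exact host match: lookalikes such as google.com.example.net are not Google.
    if (parts.hostname or "").lower() not in GOOGLE_HOSTS:
        return None
    path = unquote(parts.path)  # decode %2F so an encoded destination is still seen
    if not path.startswith("/amp/"):
        return None
    rest = path[len("/amp/"):]
    if rest.startswith("s/"):  # "s/" prefix marks an https destination
        rest = rest[2:]
    host = rest.split("/", 1)[0].lower()
    host = host.rsplit("@", 1)[-1].split(":", 1)[0]  # drop userinfo and port
    return host if "." in host else None


def classify(url):
    """Label a link: 'amp-to-shortener', 'amp-to-site' or 'not-google-amp'."""
    host = amp_embedded_host(url)
    if host is None:
        return "not-google-amp"
    if host in SHORTENERS or any(host.endswith("." + s) for s in SHORTENERS):
        return "amp-to-shortener"
    return "amp-to-site"


if __name__ == "__main__":
    # Constructed sample links, not taken from the article's screenshots.
    samples = [
        "https://www.google.com/amp/tiny.cc/abc123",
        "https://www.google.com/amp/s/www.example.org/news/story.html",
        "https://accounts.google.com.example.net/amp/tiny.cc/abc123",
    ]
    for link in samples:
        print(classify(link), link)
```
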



