White House staffers phished by Syrian Electronic Army

0

Three personal email accounts belonging to staff members at the White HOuse were compromised over the weekend by the Syrian Electronic Army, a hacker with the group told The Desk on Tuesday.

A screen capture provided to The Desk by a member of the SEA shows a compromised account belonging to a White House staff member.

A screen capture provided to The Desk by a member of the SEA shows a compromised account belonging to a White House staff member.

Google Mail accounts belonging to Erin Lindsay, Macon Phillips and Adam Garber were phished as part of a larger campaign by the SEA to compromise official social media accounts used by the White House.

A member of the SEA provided several screen grabs on Tuesday purporting to show messages forwarded by Lindsay from her official White House email address to her Gmail account. Those messages included what appeared to be passwords, which the SEA believes would have given them access to the Twitter and Facebook profiles of the White House.

The SEA hoped that access to the personal email accounts would enable the group to impersonate White House staff members, allowing them to send phishing emails to official White House email addresses. The plan was for the group to them compromise social media profiles used by the White House, as the SEA happy wheels has successfully done in past cases involving news organizations and VoiP applications.

The campaign failed when one unidentified White House staffer caught wind of the attack. That staff member emailed others on the White House team to warn them about the campaign.

“They really were lucky,” a SEA hacker who goes by the moniker Th3Pr0 told The Desk on Tuesday. “It was (a) really great experience, having a try to hack the White House. And somehow it succeeded and it failed at the same time.”

The campaign also failed because White House staffers appear to change the passwords of the official social media profiles on an almost daily basis, the group said. Passwords contained in messages forwarded by Lindsay’s White House account to her Gmail had expired by the time the SEA gained access to her inbox.

The group said they were unable to phish any official email addresses or social media profiles used by the White House. An email sent to Lindsay’s government email address returned an automated vacation message indicating she would be unavailable for comment until August 5.

Email messages sent to other White House staff members on the digital team went unreturned as of Tuesday evening.

[Update: A White House official forwarded The Desk's inquiry for comment to National Security Council spokesperson Caitlin Hayden, who then referred our comments to the FBI. Hayden confirmed to The Desk that the FBI is investigating the incident.]

Comments

Share.