Syrian Electronic Army phishes White House staffers
The SEA took to Twitter earlier this week to take credit for a semi-successful phishing attack against White House staffers. Members of the hacking group were successful in compromising the email accounts of three staffers, but the official White House social media passwords they obtained were already outdated.
Dh4MZn6ZclWJ57n, O,#5+4m)PR4d-k[, 6^31<=l'5;g#.-4/;=!&1>Y/C, All are old passwords for the @whitehouse account, You were lucky this time.— SyrianElectronicArmy (@Official_SEA12) July 30, 2013
The SEA also posted an apparent password for the White House’s HootSuite account, used to manage the administration’s Twitter presence.
According to Matthew Keys at the Desk, SEA hackers successfully phished the accounts of Erin Lindsay, Macon Phillips and Adam Garber. All three are members of the Obama administration's office of digital strategy. The SEA tweeted a screen grab claiming to show a message forwarded from Lindsay's White House email account to her personal Gmail account in order to prove the success of their phishing tactics.
The message contained passwords that members of the SEA hoped would give them access to official White House Twitter and Facebook pages, but because these accounts change their passwords practically every day for security reasons, the hackers were unable to seize control of the accounts.
The White House did not reply to the Daily Dot's request for comment, referring all media inquiries to the FBI, which is leading the investigation.
According to PC Magazine, the hackers secured these passwords by sending emails to White House staffers that included links to apparent news stories from CNN or the BBC. After clicking these links, however, the users were asked to sign in via Gmail or Twitter to read them. Several of the staffers evidently fell for the trap and entered their passwords, compromising their own accounts.
In addition to the White House's constantly changing passwords, an unnamed White House staffer quickly took note of the phishing scheme and raise the alarm.
The SEA is a supporter of the embattled Syrian leader Bashar al-Assad, but claims no official connection to any government. The group has hacked a number of high profile media sites in recent months, including NPR, Thomson Reuters, the Onion, and even the Daily Dot itself.
Image via Syrian Electronic Army/Twitter