Syrian Electronic Army hacked White House employees’ personal emails

The personal Gmail accounts of at least three White House employees were hacked by the popular group of hackers known as the Syrian Electronic Army (SEA).

White House employees’ personal email accounts have been hacked: three staffers suffered data breaches on their personal Gmail accounts. An intelligence source revealed a link between this attack and the recent hack that targeted the Obama administration’s social media.

The attack scheme is as simple as it is dangerous: the hackers compromised White House employees’ personal email accounts and then used them to send malicious emails containing links to compromised websites hosting exploits to steal email logins and social media credentials. The “phishing” links were specifically crafted to look like legitimate BBC or CNN news; in reality they direct users to a fake Gmail or Twitter login form to access the news content.

The unwitting users were rerouted to fake login forms that enabled the hackers to gather White House employees’ credentials. By harvesting Gmail account information, the attackers might capture administration-related email messages and contacts. Government accounts are considered strategic for cyber espionage campaigns: using them, it is possible to compromise other members of the staff and to establish a network of fake accounts on social media.

Compromised social media accounts could be used to spread fake and disturbing news, exactly as happened a few months ago with the Associated Press Twitter account, which disseminated news of an attack on the White House.

It must also be considered that, although White House employees are prohibited by policy from using personal webmail accounts for business communications, many of them in reality use personal email in the workplace as well.

The Nextgov portal reported:

“The Presidential Records Act bars work communication outside of official email accounts. However, a 2012 House committee report showed that former White House Deputy Chief of Staff Jim Messina used his personal email account to conduct official business involving a deal between the pharmaceutical industry and the Senate Finance Committee. And in 2010, the Washington Post reported that administration officials reprimanded then White House Deputy Chief Technology Officer Andrew McLaughlin, a former Google official, after document requests revealed technology policy-related emails from Google employees in his personal Gmail account.”

According to the first reports, more than a dozen current and former White House employees had already been targeted. There is no doubt about the motivation of the attack: the hackers are interested in government information.

The attackers targeted White House social media employees because it is relatively easy to gather information on them with OSINT analysis: their names, email addresses and social media accounts are in fact publicly available due to their job role.

Who is behind the attack?

It seems that a Syrian Electronic Army hacker revealed to former Reuters editor Matthew Keys that the personal Google Mail accounts of three White House staff members, Erin Lindsay, Macon Phillips and Adam Garber, were compromised as part of a larger cyber espionage campaign that targeted social media accounts used by White House employees.

Keys published a post on his website revealing that the Syrian Electronic Army group also claims to have access to a message forwarded by Lindsay from her White House email address to her personal Gmail account, which included what appeared to be passwords that might have given the group access to the Twitter and Facebook accounts of the White House.

The investigation is ongoing, but according to the first reports the group did not succeed in accessing any official White House email addresses or social media profiles.

If you are interested in more information on the Syrian Electronic Army, I suggest a post from FireEye.

Pierluigi Paganini

(Security Affairs – Syrian Electronic Army, hacking, White House)
