The Syrian Electronic Army has been busy over the last few days, and has managed both to hijack the official Reuters Twitter account and to compromise personal email accounts of a number of White House staffers.
The tweet string ended with an image of the hacker group logo, and a message from the group claiming credit for the hack:
Reuters and Twitter reacted nearly an hour later, and the compromised Twitter account was temporarily suspended. It is now back online, and the offending tweets have naturally been deleted.
The hacker group has boasted about the attack, but has not shared information on how they managed to pull it off. More likely than not, they have sent a phishing mail to one of Reuters’ employees that was responsible for updating the organization’s Twitter account.
Three White House staffers have fallen for that particular scheme over the weekend, and have had their personal Gmail accounts compromised. The hackers then used them to send phishing emails to their colleagues.
According to Nextgov, the initial phishing emails contained links labeled to look like legitimate BBC or CNN articles. But, once the victims clicked on them, they led to a spoofed Gmail or Twitter login screen, making them think that they were required to log into their accounts in order to peruse the articles.
Apart from becoming a staging point for other phishing attacks, the compromised email accounts are also likely to yield some sensitive government-related information – despite the fact that it is illegal for White House staffers to use personal email accounts for business communications.
Compromised Twitter accounts are helpful for spreading false information, as evidenced by the April incident when the hijacked Twitter account of the Associated Press ran the “news” that there had been two explosions in the White House and that U.S. President Barack Obama had been injured.