Three White House staffers have had their personal Gmail accounts breached in what appears to be a malicious operation directed at the team responsible for the Obama administration's social media outreach, according to individuals familiar with the incident.
The penetrated accounts have been sending other White House digital media employees bogus emails containing fraudulent links that can extract their personal email logins and Twitter credentials. More than a dozen current and former staffers were targeted, the individuals said. The scheme was ongoing as of Sunday night.
The goal of the intruders might be to glean sensitive government information, some cyber researchers said. White House personnel are prohibited by law from using personal Webmail accounts for business communications, but not all employees comply with the rules. The Twitter scam could be aimed at spreading misinformation through seemingly-official channels to citizens.
The “phishing” links -- labeled to look like legitimate BBC or CNN articles -- direct users to an authentic-looking Gmail or Twitter login screen to access the news content. At this point, the users have unwittingly been rerouted to fake login forms that enable hackers to capture their sign-on information.
White House social media employees might be relatively easy game within the administration, since their role is to make the executive branch more open to the public. "I imagine that the names and email addresses of people at the White House in digital media or anything related to media are easy to find since their job involves public access. A list of targets would be created from open sources and that's who the phishing email would be delivered to," said Jeffrey Carr, a cybersecurity analyst with consultancy Taia Global.
The objective for harvesting Gmail account information might be to capture administration-related email messages and contacts, he speculated.
The Presidential Records Act bars work communication outside of official email accounts. However, a 2012 House committee report showed that former White House Deputy Chief of Staff Jim Messina used his personal email account to conduct official business involving a deal between the pharmaceutical industry and the Senate Finance Committee. And in 2010, the Washington Post reported that administration officials reprimanded then White House Deputy Chief Technology Officer Andrew McLaughlin, a former Google official, after document requests revealed technology policy-related emails from Google employees in his personal Gmail account.
The purpose of assembling Twitter sign-on information might be to disseminate disruptive messages, Carr postulated. This spring, a hacked Associated Press Twitter account informed the public that explosions at the White House had harmed the president. The Dow tumbled in response.
Sources familiar with the Gmail hack say the ploy is unique in the White House. In the past, one or two staffers who used two-step authentication to protect their Gmail accounts would receive text messages, indicating someone had entered the correct password to trigger the text authentication code.