Quartz has confirmed with the Barack Obama campaign staffer whose email inbox was splashed across the Twitter account of the Syrian Electronic Army that her Gmail account, and those of “lots” of other staffers, was compromised over the weekend.
This suggests a fairly straightforward explanation for how Obama’s Twitter account, with 39 million followers, is as of this writing sending users who click on its links to a video created by the Syrian Electronic Army:
1. Through a “phishing” attack, the Syrian Electronic Army (SEA) gained access to multiple Gmail accounts belonging to Organizing for Action, Obama’s grassroots campaign organization. In most phishing attacks, a fake email with a booby-trapped link is sent to targets, who may be redirected to sites where they’re asked to re-enter their login and password. This is a favorite tactic of the SEA.
3. The hackers then changed all the links in the Obama Twitter feed belonging to OFA to redirect to a video created by the Syrian Electronic Army.
It may be that this was how the SEA got access to ShortSwitch, but it’s not clear if that’s a possibility. Quartz contacted Blue State Digital, which declined to comment immediately.
Network intrusion / Spear-phishing
See threatwatch report