The Desk appreciates the support of readers who purchase products or services through links on our website. Learn more...

White House staffers phished by Syrian Electronic Army

Three personal email accounts belonging to staff members at the White HOuse were compromised over the weekend by the Syrian Electronic Army, a hacker with the group told The Desk on Tuesday.

A screen capture provided to The Desk by a member of the SEA shows a compromised account belonging to a White House staff member.
A screen capture provided to The Desk by a member of the SEA shows a compromised account belonging to a White House staff member.

Google Mail accounts belonging to Erin Lindsay, Macon Phillips and Adam Garber were phished as part of a larger campaign by the SEA to compromise official social media accounts used by the White House.

A member of the SEA provided several screen grabs on Tuesday purporting to show messages forwarded by Lindsay from her official White House email address to her Gmail account. Those messages included what appeared to be passwords, which the SEA believes would have given them access to the Twitter and Facebook profiles of the White House.

The SEA hoped that access to the personal email accounts would enable the group to impersonate White House staff members, allowing them to send phishing emails to official White House email addresses. The plan was for the group to them compromise social media profiles used by the White House, as the SEA has successfully done in past cases involving news organizations and VoiP applications.

The campaign failed when one unidentified White House staffer caught wind of the attack. That staff member emailed others on the White House team to warn them about the campaign.

“They really were lucky,” a SEA hacker who goes by the moniker Th3Pr0 told The Desk on Tuesday. “It was (a) really great experience, having a try to hack the White House. And somehow it succeeded and it failed at the same time.”

The campaign also failed because White House staffers appear to change the passwords of the official social media profiles on an almost daily basis, the group said. Passwords contained in messages forwarded by Lindsay’s White House account to her Gmail had expired by the time the SEA gained access to her inbox.

The group said they were unable to phish any official email addresses or social media profiles used by the White House. An email sent to Lindsay’s government email address returned an automated vacation message indicating she would be unavailable for comment until August 5.

Email messages sent to other White House staff members on the digital team went unreturned as of Tuesday evening.

[Update: A White House official forwarded The Desk‘s inquiry for comment to National Security Council spokesperson Caitlin Hayden, who then referred our comments to the FBI. Hayden confirmed to The Desk that the FBI is investigating the incident.]

Photo of author

About the Author:

Matthew Keys

Matthew Keys is an award-winning journalist with more than 10 years of experience covering the business of television and radio broadcasting, streaming services and the overall media industry. In addition to his work as publisher of The Desk, Matthew contributes regularly to StreamTV Insider and KnowTechie, and has worked for several well-known news organizations, including Thomson Reuters, McNaughton Newspapers, Grasswire, Comstock's magazine, KTXL-TV and KGO-TV. Matthew is a member of IRE, a trade organization for investigative reporters and editors, and is based in Northern California.

Email: [email protected] | Signal: 530-507-8380