White House Staffers Pwned By Prankster Via Email

Cyber security was supposed to be a top of mind item for the folks running the US right now. But if I had to grade them on their efforts, that grade would be “F” based on the news that White House staffers fell victim to a social engineering attack:

A self-described “email prankster” in the UK fooled a number of White House officials into thinking he was other officials, including an episode where he convinced the White House official tasked with cyber security that he was Jared Kushner and received that official’s private email address unsolicited.

“Tom, we are arranging a bit of a soirée towards the end of August,” the fake Jared Kushner on an Outlook account wrote to the official White House email account of Homeland Security Adviser Tom Bossert. “It would be great if you could make it, I promise food of at least comparible (sic) quality to that which we ate in Iraq. Should be a great evening.”

Bossert wrote back: “Thanks, Jared. With a promise like that, I can’t refuse. Also, if you ever need it, my personal email is” (redacted).

Bossert did not respond to CNN’s request for comment; the email prankster said he was surprised Bossert responded given his expertise. The emails were shared with CNN by the email prankster.

Now, you’re likely wondering what the big deal is. As famed hacker Kevin Mitnick pointed out in his book The Art Of Deception, all the firewalls and security software in the world won’t save you from someone who leverages people to get the information that they want from computer systems. Thus, if this wasn’t a prankster, but instead it was a nation state looking to pwn the White House, the lack of security awareness by these people could be catastrophic.

It looks like the US Government needs some remedial education when it comes to cyber security.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: