Americans in the land’s highest office apparently have the tech skills of our grandparents. When White House staffers received emails from coworkers that came from mail.com and outlook.com domain addresses, they assumed they were real. The staffers even turned around and provided their personal email addresses to the prankster.
Not Exclusive to the Trump Administration’s White House
The emails were sent by a self-described prankster known on twitter as @SINON_REBORN. The individual claims to have successfully spear-phished multiple White House officials including Anthony Scaramucci. He also tricked opera singer Katherine Jenkins into believing she was invited to perform a show for a Saudi prince.
I targeted @Scaramucci as i’ve suffered from mental health problems all my life, and he seems to think paranoid schizophrenia is a put down
— EMAIL PRANKSTER (@SINON_REBORN) August 1, 2017
Although it’s good for a short laugh, the White House is lucky enough that it wasn’t someone with a true malicious intent. Successfully phishing a government official takes very little skill. If the prankster had been interested in getting folks to divulge secrets, then it’s likely he would have succeeded.
What’s more disturbing is Homeland Security Adviser Tom Bossert was also hoodwinked by a fake Jared Kushner email account. Here you have a man who should simply know better and yet, he didn’t.
Notice that the White House email system even tagged the subject line as [SUSPECTED_SPAM] and the warning was completely ignored.
White House officials have tools in place to determine when an email is from a trusted source. Cyber security protections in place include encryption and digital signatures. These tiny files essentially guarantee that an email is coming from an legitimate source. Unfortunately, it’s clear that at the White House, those tools are often ignored. It’s only a matter of time before this ignorance costs the American people.
Sharif Jameel is a business owner, IT professional, runner, & musician. His professional certifications include CASP, Sec+, Net+, MCSA, & ITIL and others. He's also the guitar player for the Baltimore-based cover band, Liquifaction.
I hear this guy does this stuff all the time.