How Syrian Hackers Messed With President Obama

Future Tense
The Citizen's Guide to the Future
Oct. 28 2013 4:45 PM

How Syrian Hackers Messed With President Obama

The Syrian Electronic Army, a pro-Assad hacker group, posted a screenshot of an Organizing for America staffer's Gmail account, which it apparently used to tamper with links sent from Barack Obama's Facebook and Twitter feeds Monday.
The Syrian Electronic Army, a pro-Assad hacker group, posted a screenshot of an Organizing for America staffer's Gmail account, which it apparently used to tamper with links sent from Barack Obama's Facebook and Twitter feeds Monday.

Screenshot / Twitter

For a few hours on Monday, links sent from President Obama's official Twitter and Facebook feeds redirected users to a Syrian Electronic Army site that showed a 24-minute propaganda video for the Syrian regime.

Will Oremus Will Oremus

Will Oremus is Slate's senior technology writer.

The social-media blog Mashable initially reported that the SEA claimed to have hacked Obama's Twitter and Facebook feeds themselves. But that may not be quite right, as an update to the Mashable post explains.

Advertisement

In fact, as Quartz's Christopher Mims confirmed, the hackers broke into the Gmail account of at least one staffer at Organizing for Action, the nonprofit that was formed in the wake of Obama's 2012 campaign. From there, they appear to have broken into some of the group's accounts with various social-media tools. The Daily Beast's Brian Ries reports that the hackers may have altered Obama's Facebook and Twitter links through a URL-shortening service called ShortSwitch, perhaps by finding records of OFA staffers' passwords in their email inboxes. The hackers also appear to have infiltrated the group's account with Blue State Digital, the tech-services firm that consulted for both Obama campaigns. Blue State Digital's website was inaccessible Monday afternoon.

Regardless of the details, the Organizing for America staffer told Quartz's Mims that the group has changed its passwords and added two-factor authentication to its Gmail accounts. The links appeared to be fixed early Monday afternoon.

Obama is the latest in a long line of high-profile targets of Syrian Electronic Army hacks, including the Associated Press, The Onion, Twitter, and more. As I explained in August, the SEA has been able to deface the websites and social-media accounts of even highly security-conscious targets—President Obama would certainly fit into that category—by infiltrating the accounts of less-careful people, companies, and Web tools that those targets rely on. In almost every case, the hack has originated with a successful phishing attack, in which hackers attempt to trick someone into giving up important information (such as account logins and passwords) that can then be used against them.

The good news now, as then, is that the Syrian Electronic Army rarely inflicts much harm. As long as their aim remains spreading propaganda, as opposed to wreaking genuine havoc, the attacks are no cause for panic.

In fact, the hacks' greatest impact so far may be as highly visible public-service announcements for the perils of phishing attacks and the importance of two-factor authentication. I'll give Ries the final word for now:

Future Tense is a partnership of SlateNew America, and Arizona State University.

  Slate Plus
Working
Nov. 27 2014 12:31 PM Slate’s Working Podcast: Episode 11 Transcript Read what David Plotz asked a helicopter paramedic about his workday.