A self-described “email prankster” in the UK fooled a number of White House officials into thinking he was other officials, including an episode where he convinced the White House official tasked with cybersecurity that he was Jared Kushner and received that official’s private email address unsolicited.
(via CNN)
“Tom, we are arranging a bit of a soirée towards the end of August,” the fake Jared Kushner on an Outlook account wrote to the official White House email account of Homeland Security Adviser Tom Bossert. “It would be great if you could make it, I promise food of at least comparible (sic) quality to that which we ate in Iraq. Should be a great evening.”
Bossert wrote back: “Thanks, Jared. With a promise like that, I can’t refuse. Also, if you ever need it, my personal email is” (redacted).
The email prankster said he was surprised Bossert responded given his expertise.
White House officials acknowledged the incidents and said they were taking the matter seriously. “We take all cyber related issues very seriously and are looking into these incidents further,” White House press secretary Sarah Huckabee Sanders told CNN.
Cyber experts consulted by CNN say the incidents are illustrative of how vulnerable Americans — even those in the highest reaches of power — remain to the potential threat of spear-phishing, the process through which officials are duped by hackers, and expose government computers and systems to various cyber threats.
No one in any of these situations clicked any links making them vulnerable, and the prankster appears motivated by mischief not anything more malignant, so the severity of these White House pranks should not be overstated. But spear-phishers often begin the process by falsely posing as a friend or associate before asking the victim to take further action.
“This shows how susceptible government officials are to spear-phishing in general,” Adam Malone, a former cyber specialist and special agent for the FBI, told CNN. “Spear-phishing is the most common technique used by hackers to gain access to their victims. This information shines a light on how easy it is for people to build trust with unverified individuals.”
Former Hillary Clinton campaign chair John Podesta infamously fell victim to such a trap, though the person who preyed on him had more nefarious intentions than mockery.
“I try and keep it on the humorous side of things,” the email prankster told CNN. “I’m not trying to get the keys to the vault or anything like that.”
One such exchange appears to have possibly played a role in the tensions between then- White House Communications Director Anthony Scaramucci, who resigned from his job earlier today, and since-fired White House Chief of Staff Reince Priebus.
Masquerading as Priebus, the prankster emailed Scaramucci’s official account using a mail.com account on Saturday, the day after Priebus’ resignation was announced.
“I had promised myself I would leave my hands mud free,” wrote the fake Priebus, “but after reading your tweet today which stated how; ‘soon we will learn who in the media has class, and who hasn’t’, has pushed me to this. That tweet was breathtakingly hypocritical, even for you. At no stage have you acted in a way that’s even remotely classy, yet you believe that’s the standard by which everyone should behave towards you? General Kelly will do a fine job. I’ll even admit he will do a better job than me. But the way in which that transition has come about has been diabolical. And hurtful. I don’t expect a reply.”
The very real Scaramucci responded: “You know what you did. We all do. Even today. But rest assured we were prepared. A Man would apologize.”
Fake Priebus wrote back: “I can’t believe you are questioning my ethics! The so called ‘Mooch’, who can’t even manage his first week in the White House without leaving upset in his wake. I have nothing to apologize for.”
Actual Scaramucci responded: “Read Shakespeare. Particularly Othello. You are right there. My family is fine by the way and will thrive. I know what you did. No more replies from me.”
In another exchange, Scaramucci was hoodwinked by the same prankster pretending to be Ambassador to Russia-designate Jon Huntsman Jr.
“Who’s (sic) head should roll first?” the bogus Huntsman asked from a Gmail account on Friday, before the Priebus termination had been announced. “Maybe I can help things along somewhat.”
“Both of them,” responded the real Scaramucci, in an apparent reference to both Priebus and White House Senior Adviser Steve Bannon, about whom Scaramucci has been quite critical.
After a few other nice messages of support from faux Huntsman, Scaramucci wrote, “Are you in Moscow now? If not please visit.”
Huntsman himself was also tricked, with the prankster pretending to be Eric Trump, the President’s son. “Thanks for the thoughtful note,” the ambassador-designate wrote to fake Eric Trump. “Russia will be a challenging but no doubt rewarding assignment.” The fake Eric Trump responded with this suggestion: “Maybe we could have Dad sat (sic) on a horse, top off, giving the full Putin! He’s in better shape than his suits suggest.”
Eric Trump, too, was similarly hoodwinked by the prankster emailing as his older brother, Donald Trump Jr., but he soon caught on and responded, “I have sent this to law enforcement who will handle from here.”
Neither Huntsman nor Trump would comment on the record.
The email prankster told CNN he never heard from anyone in law enforcement about his email to Eric Trump.
The email prankster tweets under the name @SINON_REBORN, where he posts his pranks, and describes himself as a “lazy anarchist.”
In June, he hoodwinked Lloyd Blankfein, CEO of Goldman Sachs and Michael Corbat of Citigroup, and he did the same to Barclays CEO Jes Staley in May. Staley, thinking he was being emailed by Barclays chairman John McFarlane, praised the man he thought was his colleague in effusive detail, saying among other things that he had “all the fearlessness of Clapton.” The prankster said Staley was the most surprising of the responses, because it was the first one and because “he responded in such gushing detail.”