You may remember that we recently went through a national election that was, in large part, about email security. Well, about that: News broke Monday night that numerous members of the Trump administration had exchanged emails with a prankster pretending to be White House staff.
The whole situation is as troubling as it is ridiculous. The prankster—who also duped the CEOs of Goldman Sachs and Citigroup in June and goes by @SINON_REBORN on Twitter—even tricked the White House homeland security adviser, Thomas Bossert, into assuming he was writing to Jared Kushner. Bossert, who was a fellow at the Atlantic Council’s Cyber Statecraft Initiative before joining the White House, is supposed to be an expert on cyber security.
The absurdity of the exchanges, which were first published on CNN, illustrates just how unprofessional and at times hostile the White House staff can be—but perhaps more importantly, it also points to a weak culture of digital security that could pose a serious threat to national security.
After all, if senior officials—including, again, a cybersecurity expert—don’t have enough basic digital security training to spot fake or malicious emails, there’s no telling what else people in the White House have clicked on. The whole network and computer system used by Trump’s administration may well be infested with malware. That’s because one of the most common ways people are attacked online is by opening emails that look like they come from a trusted source. If the unlucky target clicks on a link or an attachment in the email, it can trigger the installation of spyware. This is how an attack over Gmail spread in May, when more than 1 million people were tricked into downloading malware that looked like a link to a Google Document.
Hackers may also court people to responding to their fake email with sensitive information, like passwords, bank numbers, or in the case of the White House, national intelligence.
What’s alarming is how forthcoming Trump’s White House staff was with interpersonal details about other staff in the administration. For instance, the prankster tricked Anthony Scaramucci, the then-White House communications director, into thinking he was emailing with former White House Chief of Staff Reince Priebus, who had been fired the day before the fake email was sent.
That exchange is worth reading in full:
The fake Prebius wrote: “I had promised myself I would leave my hands mud free, but after reading your tweet today which stated how; ‘soon we will learn who in the media who has class, and who hasn’t’, has pushed me to this. That tweet was breathtakingly hypocritical, even for you. At no stage have you acted in a way that’s even remotely classy, yet you believe that’s the standard by which everyone should behave towards you? General Kelly will do a fine job. I’ll even admit he will do a better job than me. But the way in which that transition has come about has been diabolical. And hurtful. I don’t expect a reply.”
To which Scaramucci replied: “You know what you did. We all do. Even today. But rest assured we were prepared. A Man would apologize.”
Fake Prebius: “I can’t believe you are questioning my ethics! The so called ‘Mooch’, who can’t even manage his first week in the White House without leaving upset in his wake. I have nothing to apologize for.”
Real Scaramucci: “Read Shakespeare. Particularly Othello. You are right there. My family is fine by the way and will thrive. I know what you did. No more replies from me.”
Other fake emails sent by the prankster include correspondence between the real Scaramucci and an email pretending to be from the Ambassador to Russia-designate Jon Huntsman Jr., as well as exchanges between the real Huntsman and emails sent by the prankster pretending to be Eric Trump. But the real Eric Trump, for his part, wasn’t so easily duped. CNN reported that he quickly caught on to the fraud and replied to tell the prankster his email had been forwarded to law enforcement.
This isn’t a new problem. Even the since-fired director of the FBI, James Comey, responded to a fake email sent by Gizmodo in April, as did Newt Gingrich, who is an informal adviser to the president.
Since becoming President, Trump has said that he aims to crack down on leakers. But considering how the email trickster, who told CNN he was only trying to be “humorous,” was able spark conversation with individuals at the highest level of the U.S. government with only a few fake emails, the White House’s shoddy cybersecurity protocols may be causing much of its own communications to leak out like a sieve.