Quartz has confirmed with the Barack Obama campaign staffer whose email inbox was splashed across the Twitter account of the Syrian Electronic Army that her Gmail account, and those of “lots” of other staffers, was compromised over the weekend.
This suggests a fairly straightforward explanation for how Obama’s Twitter account, with 39 million followers, is as of this writing sending users who click on its links to a video created by the Syrian Electronic Army:
1. Through a “phishing” attack, the Syrian Electronic Army (SEA) gained access to multiple Gmail accounts belonging to Organizing for Action, Obama’s grassroots campaign organization. In most phishing attacks, a fake email with a booby-trapped link is sent to targets, who may be redirected to sites where they’re asked to re-enter their login and password. This is a favorite tactic of the SEA.
2. Probably using a password obtained through a compromised Gmail account, the SEA got access to the campaign’s account with a link shortening service, ShortSwitch.
3. The hackers then changed all the links in the Obama Twitter feed belonging to OFA to redirect to a video created by the Syrian Electronic Army.
A screen shot posted by the Syrian Electronic Army suggests that members of the SEA also accessed Organizing for Action’s account at Blue State Digital, a service that has helped Obama’s campaign build a number of sites.
It may be that this was how the SEA got access to ShortSwitch, but it’s not clear if that’s a possibility. Quartz contacted Blue State Digital, which declined to comment immediately.
(Thanks to Fruzsina Eördögh, Brian Ries, Andy Carvin, and Wexler for assisting in the reporting of this story.)