The Syrian Electronic Army is at it again, this time targeting Barack Obama’s campaign social media accounts and website. It appears they did not gain complete control of the accounts, but gained limited access to them through a control panel.
The initial exploit was through one of the administrator’s email accounts who manages BarackObama.com. They were able to gain access to the back end control panel of Blue State Digital and hijack the application that manages donate.barackobama.com.
It is assumed that the SEA was then able to send out Facebook posts and Twitter updates from the same control panel or other social media panels they gained access to when they compromised the admins account.
Although the SEA may not have compromised an official government site associated with the President, the PR damage of gaining control of his fund raising website has a similar propaganda effect.
There is also the issue regarding what data the SEA has access to as a result of the breach, in Blue State Digital’s case study for the Obama campaign they state they had 13 million emails… Are these now in the hands of SEA for possible spear-phishing attacks?
Blue State Digital’s website was down for a few hours showing a blank page, but is now back up. Some of the other clients listed by Blue State Digital include Google and the NAACP amongst others, including several awareness programs including the “It Gets Better” suicide prevention program.