The Trump administration’s greatest threat to cybersecurity may not be Russian hackers, but its own officials. CNN reports that several high-ranking White House officials, including former Communications Director Anthony Scaramucci, U.S. Ambassador to Russia Jon Hunstman Jr., and Eric Trump, were tricked by an “email prankster” in the U.K. who posed as other administration officials in emails.
The most notable security breach took place when Tom Bossert, a Homeland Security advisor tasked with cybersecurity, offered his private email, unsolicited, to the prankster who was posing as Jared Kushner.
“Tom, we are arranging a bit of a soirée towards the end of August,” the fake Kushner wrote. “It would be great if you could make it, I promise food of at least comparible (sic) quality to that which we ate in Iraq. Should be a great evening.”
“Thanks, Jared. With a promise like that, I can’t refuse. Also, if you ever need it, my personal email is” (redacted), Bossert replied.
The prankster, who is known on Twitter @SINON_REBORN, shared the emails with CNN, and told the network he was “surprised Bossert responded given his expertise.”
He also contacted former White House Communications Director Anthony Scaramucci from a Mail.com account the day after Priebus’s resignation was announced, writing: “I had promised myself I would leave my hands mud free, but after reading your tweet today which stated how; ‘soon we will learn who in the media who has class, and who hasn’t’, has pushed me to this. That tweet was breathtakingly hypocritical, even for you.”
Scaramucci responded ominously: “You know what you did. We all do. Even today. But rest assured we were prepared. A Man would apologize.”
U.S. Ambassador to Russia Jon Hunstman Jr. was also fooled by the prankster, who posed as the president’s son Eric Trump. “Thanks for the thoughtful note,” he wrote to fake Eric Trump. “Russia will be a challenging but no doubt rewarding assignment.”
“Maybe we could have Dad sat (sic) on a horse, top off, giving the full Putin! He’s in better shape than his suits suggest,” the fake Eric Trump responded.
The real Eric Trump was the only official to catch on to the prank, and told the man, posing as his brother Donald Jr.: “I have sent this to law enforcement who will handle from here.” The prankster told CNN he never heard from anyone in law enforcement about the incident.
This isn’t the first time a Trump administration official has been duped by pranksters. In July, Energy Secretary Rick Perry took a 20-minute phone call with two Russian jokesters posing as the prime minister of Ukraine.
While these recent pranks may be harmless, the lack of judgment they reveal is cause for concern, especially given that similar spear-phishing tactics have been used to target officials for more nefarious purposes. Clinton campaign manager John Podesta’s emails were leaked after he fell for a phishing scam, and since May, hackers have breached the security of at least a dozen nuclear power plants in the U.S.; Russian hackers are suspected in both cases.
“We take all cyber-related issues very seriously and are looking into these incidents further,” White House Press Secretary Sarah Huckabee Sanders told CNN.