10.28.13

Syrian Hackers: We Hacked Obama’s Twitter Account

For a brief period on Monday, links from the president’s official Twitter feed were directed to a pro-Syria YouTube account. Brian Ries on how the online vigilantes got in.

The Syrian Electronic Army may have just hit its biggest target yet: the president of the United States.

The anonymous group responsible for hacking multiple news organizations’ digital properties to spread messages in support of the Syrian regime claimed on Monday morning that it had hacked the Twitter account @BarackObama.

Sure enough, links that had been sent by the account, which is managed by Organizing for Action, redirected to a YouTube video posted by a user named “syrian truth”—surely not somebody operating on behalf of Obama.

In an email to the tech website Mashable shared by reporter Fran Berkman on Twitter, an apparent representative of the SEA claimed responsibility for the brief attack, which appeared to be fixed shortly before 2:00 p.m. ET Monday afternoon. “All the the links [sic] that Barack Obama account tweeted it and post it on Facebook was redirected to a video showing the truth about Syria,” the email read.

“Obama doesn’t have any ethical issues with spying on the world, so we took it upon ourselves to return the favor,” an account associated with the Syrian Electronic Army later tweeted.

Sarah Wexler, director of public policy at Twitter, said the hack was not pulled off through the social media network, but rather through the URL shortener used by administrators of the Barack Obama Twitter feed. These services take long, ugly website addresses and present them in shortened, customized format. A long link to a Washington Post story about Republican congressman Jeff Denham, for instance, becomes OFA.BO/hb11NM—unless, of course, it is somehow redirected in that process, which is what appears to have happened earlier today.

As recently as November 2012, according to a tweet from a company employee, @BarackObama used a white-labeled shortening service called ShortSwitch. (By adding a simple “+” to the end of a BarackObama-tweeted URL, one lands on a ShortSwitch page, showing analytics for that particular link.) Calls to ShortSwitch went unanswered on Monday, as did a call to the product’s parent company, Eye Street Research.

It’s unclear exactly where the hackers gained access to make that redirect. But here’s what’s most likely: the hackers obtained access to the URL shortening service used by OFA and redirected those recently shortened links to their own YouTube video. A source familiar with OFA's digital operations seconds this theory, noting the link redirect happened well outside of the group's standard Blue State Digital dashboard (despite that theory percolating throughout social media).

Reached over Twitter, and later over email, a spokesperson for the Syrian Electronic Army told The Daily Beast how they pulled off the attack. "We hacked OFA emails (@barackobama.com) and accounts on shortswitch.com," the person said.

Speaking to Quartz, an Organizing for Action worker named Suzanne Snurpus said her Google email account had been compromised, alongside the accounts for “lots” of fellow volunteers, and “we’ve taken measures to correct it.” She added, “We’ve all changed our passwords and added an extra layer of login security,” though it was unclear what information, exactly, the hackers had gotten control of.

An OFA official told The Huffington Post’s Sam Stein: “An account with our link shortener was hacked. [But] at no point did they have access to the twitter handle.”

As word spread just before 2:00 p.m. ET that the links were compromised, a digital struggle seemed to ensue, with links that had been tweeted from @BarackObama switching from the pro-Syrian regime YouTube video back to Organizing for Action’s homepage, barackobama.com.

This is a breaking story and we’ll update as we learn more.