Federal authorities last week launched a probe of a suspected cyberattack that targeted the private Gmail account of a White House staffer.
The employee’s correspondence turned up on the DCleaks hacktivist site, which earlier this month posted the private emails of former Secretary of State Colin Powell.
The latest dump involves the private account of White House staffer Ian Mellul, whose personal emails were published on the DCleaks Twitter account and website, along with the claim that they represented just part of a trove of correspondence from February 2015 through June of this year.
Mellul’s job entails coordination with the U.S. Secret Service and local law enforcement regarding the official travel of First Lady Michelle Obama and Vice President Joe Biden, according to DCleaks.
He reportedly also does work for the presidential campaign of former Secretary of State Hillary Clinton, whose operations repeatedly have been targeted in recent months.
First Lady’s Passport
The posted emails include a range of mundane correspondence involving White House tours, various official trips, invoices and other discussions with the Clinton campaign and government officials.
More troubling is the site’s posting of what it claims is the first lady’s open passport. It is not clear why that image would be in the staffer’s Gmail account.
“The Secret Service is aware of the alleged email hacking of a White House staffer,” spokesperson Cathy Milhoan told TechNewsWorld. “The Secret Service is concerned any time unauthorized information that might pertain to one of the individuals we protect, or our operation, is allegedly disclosed.”
However, the agency does not disclose information on investigations as a matter of policy, she added.
DCleaks earlier this month published a highly publicized trove of email correspondence from Powell, including some colorful commentary about Hillary Clinton and her presidential rival Donald Trump. It also includes some of Powell’s remarks about his advice to Clinton concerning email practices after she became secretary of state in 2009.
In the latest breach, the targeting of a low-level staffer is not happenstance. It's likely a deliberate move to access proprietary government information through a back door.
“This shouldn’t be considered a breach, but rather an attack,” said Christopher Budd, global threat communications manager at Trend Micro.
“The information around this indicates that this is a single, personal email account that has been compromised,” he told TechNewsWorld.
The fact that the hackers targeted the personal account of the White House staffer may be an indication that they were unable to penetrate the official government email accounts at the White House, Budd argued.
Targeting private accounts is a classic tactic used by cyberespionage groups in “island-hopping attacks,” he pointed out. The tactic involves going after private emails in order to breach government accounts and systems through “well-crafted spear phishing campaigns.”
DCleaks is a Russian-based influence outlet, according to ThreatConnect.
Guccifer 2.0 used DCleaks as a vehicle to dump emails obtained from the hacked Hillary Clinton campaign staffer, according to the firm.
Further, DCLeaks hosted a group of compromised emails from the account of Billy Rinehart Jr., a former United Nations Foundation official and regional director of the DNC, whose email was compromised in a similar fashion using tactics associated with Fancy Bear, ThreatConnect said.
Cybersecurity firm CrowdStrike previously linked Fancy Bear and Cozy Bear to the hacker networks that targeted the Democratic National Committee earlier this year. Russian officials repeatedly have denied any connection to cyberattacks on the DNC, Clinton campaign or other agencies related to the election.