A hacker in the U.K. tricked several White House officials into believing he was senior adviser Jared Kushner—including one of the White House’s top cyber security experts, Tom Bossert.
Bossert, White House homeland security adviser, is spearheading executive efforts to bolster the cybersecurity of critical infrastructure and reshape government IT policies. But in July, he responded to a spoofed email that claimed to be from Jared Kushner, and gave the hacker his personal address, CNN reported.
“Tom, we are arranging a bit of a soirée towards the end of August. It would be great if you could make it, I promise food of at least comparible (sic) quality to that which we ate in Iraq. Should be a great evening,” the hacker wrote from an Outlook account.
Bossert responded, writing, “Thanks, Jared. With a promise like that, I can’t refuse. Also, if you ever need it, my personal email is [redacted].”
Other officials were also caught up in the email scam, including the former White House communications director Anthony Scaramucci, who received an email from the hacker pretending to be ex-Chief of Staff Reince Priebus and another from a fake Jon Huntsman Jr., the Russian ambassador, CNN reported.
Government agencies and officials are frequently targeted in cyberattacks. But the White House incident draws attention to the strength of the Trump administration’s own cybersecurity staffing.
There are a number of vacancies in cybersecurity roles across the government. According to the government job database USAJobs, there are at least six senior executive vacancies for tech and information security. The positions are spread across agencies and include NASA, the Office of Personnel Management, which suffered a massive breach reported in 2015, the U.S. Census Bureau, and the Patent and Trademark Office.
Everyone is vulnerable to cyberattacks and breaches — even cybersecurity experts. Scammers rely on familiarity and sympathy to extract personal details and money from their victims, creating situations where people are less likely to think twice. Whether it’s an email phishing scam from a veteran stranded in Iraq, a hack into your bank, fake calls from the IRS, or a coordinated ransomware attack that holds patient records hostage for payment, cyber threats are increasingly pervasive and sophisticated.
Despite the current vacancies, the Trump administration has adamantly pushed for tightened cybersecurity policies. President Donald Trump signed an executive order that built on his predecessor’s plan and focused on agencies creating and executing comprehensive strategies that “will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises.”