Yesterday, President Barack Obama posted an article on his Twitter account: "Science fair nightmare: This #climate change denier is the world's most embarrassing dad," he wrote. But the attached link didn't go to his campaign site. Instead, it directed readers alternately to an apparent malware site and a propaganda video called "Syria Facing Terrorism." It appeared that the Syrian Electronic Army had claimed another victim, all the way at the top of the US government.
But the problem didn't seem to be a full account hack. Instead, someone had used Obama's URL shortener to hijack the link, directing it to the video and site. Huffington Post correspondent Sam Stein quickly got a response from Obama campaign group Organizers for Action: "An account with our link shortener was hacked. [But] at no point did they have access to the Twitter handle." Twitter has also confirmed to us that there's no evidence the Twitter account was hacked. The tweet was up for 19 hours before the redirect was noticed, making it possible that the change happened only recently. Not long after, the link was fixed; it now sends readers to Barack Obama's site.
We accessed many Obama campaign email accounts to assess his terrorism capabilities. They are quite high #SEA pic.twitter.com/ARgGLX8IjN — SyrianElectronicArmy (@Official_SEA16) October 28, 2013
Plenty of Twitter accounts (including, famously, the AP's) have been directly hacked by the Syrian Electronic Army, and the group has claimed responsibility for this redirect. But this hack is more subtle than most of what we've seen. For one thing, there's so far only a single redirected link, rather than the multiple propaganda tweets the group posts from most accounts. The problem also isn't immediately obvious; it's hard to even tell how long the offending link has been up. The consequences of this link hijacking are potentially serious, though a wrong link doesn't pose the same problems as a false tweet. Unlike the AP hack, it can't give patently false breaking news with a tone of authority. It is, however, an easy way to send someone to a phishing site, where they might give up the kind of information that has given the Syrian Electronic Army much of its power.
Update: The Syrian Electronic Army has claimed responsibility for the hack, and the White House has corrected the link. The group's tweet shows, and Quartz has confirmed, that the Gmail account of a campaign staffer with Organizers for Action was hacked, likely giving the SEA either login information or password reset privileges to the link shortener. Post has been updated with details.