
“E-mail prankster” phishes White House officials; hilarity ensues - rbanffy
https://arstechnica.com/gadgets/2017/08/e-mail-prankster-phishes-white-house-officials-hilarity-ensues/
======
dpflan
I would think that the White House would flag incoming email that is not
internal as "external" to at least give some more context that the sender
should be treated cautiously given (obviously what this pranking reveals) how
easily someone can be impersonated digitally. The ruse is still _malicious_
because it attempts to elicit responses that can be used to ridicule the
target via public humiliation - and could accidentally release sensitive
information.

The idea is good for a jab and opportunistic, but then making a "career" out
of pestering people like this seems less than interesting in the long run. The
barrier to entry seems quite low, so if one person shows how easy it is to
gain public notoriety (and $$$, the pranker is creating a "book"), then I
suspect we could see more of this publicized pranking.

What do you think? Are you for or against this?

~~~
24gttghh
This person is basically a troll who can spell. This makes him no better than
those he attempts to fool. I don't think such behavior should be encouraged,
especially considering how often it happens...

~~~
scottmf
Oh come on. It's a form of social engineering and I'd say it has a net benefit
for society.

These emails have brought to light some weaknesses in these systems. Hopefully
they'll be patched very quickly.

~~~
24gttghh
I think there are ethical ways to publicize vulnerabilities in a system ala
Google's Project Zero, and then there's public shaming through trickery. Not
to say how the administration reacted may be overblown, but "ends justify the
means" is a slippery slope I find unpalatable.

~~~
scottmf
There's no "The Email Company" to fix such vulnerabilities.

Given the damage that could have been caused, the prank is incredibly
harmless. At worst it has temporarily embarrassed a few people already shown
to be immune to embarrassment.

------
mrhektor
What's even worse is that the guy that got phished is responsible for U.S.
cybersecurity. ([http://time.com/4881849/white-house-email-
prank/](http://time.com/4881849/white-house-email-prank/))

------
michaelbuckbee
There's a reason this works that I haven't seen discussed much. Namely that
because of archiving rules (these are historical documents from
elected+appointed officials) and the propensity for emails to be subpoenaed in
investigations that much of the "work" of elected officials has been pushed
off to private email services.

While it's tempting to think this happens for nefarious reasons, I suspect
that it's mostly for the same reason that security is routinely circumvented
in non-governmental organizations: it's cumbersome.

So it's not wildly unexpected that you might get an email from a senior White
House staffer from a non-official address.

------
QAPereo
This has officially hurtled past joke and into the realm of really
frightening. Nobody with even a scrap of power should have skin this thin, not
even if they only had that power for less than two weeks. What's worse is this
is just a pale reflection of our commander-in-chief, the real nutter.

------
kutkloon7
Isn't impersonating someone illegal, just like publishing a response in a
private email conversation?

~~~
thaumasiotes
There's nothing illegal about publishing a response.

~~~
mcv
Perhaps, but I'm pretty sure that impersonating someone, and especially
impersonating someone with the intent to acquire non-public information, is
illegal.

------
nthcolumn
th3j35t3r strikes again!

