Well-Known Email Prankster Ends Up With Sensitive Document From Jared Kushner's Lawyer
from the sold-out-by-autocomplete? dept
Careless handling of sensitive emails isn’t just a problem for Trump’s top advisor, Jared Kushner. Having rolled into office on the echoing cries of “Lock her up!” Trump’s team nonetheless continued to use private email accounts for official correspondence. Kusher did this twice: using both a Republican National Committee account as well as another personal email address.
It’s a security issue as well as a transparency issue. Personal email accounts — while convenient (and conveniently opaque) — are little more than attack vectors for cybercriminals and state-sponsored hacking. Making this security problem worse are Trump team legal reps, who can’t seem to stop communicating with staffer-spoofing accounts.
A prankster known only by his Twitter handle (SINON_REBORN) has a few admin team trophies on his wall already. The prankster has already duped White House Special Counsel Ty Cobb with an impersonation of White House Media Director Dan Scavino. That followed successful pranking of Breitbart editors and White House Homeland Security Advisor Tom Bossett.
The latest victim is Jared Kushner’s lawyer, Abbe Lowell. He’s been stung twice, as the Verge’s Sarah Jeong reports.
This is the second time that Abbe Lowell, a partner at Norton Rose Fulbright LLP, who began representing Kushner in June, has fallen for a prankster who calls himself SINON_REBORN (a reference to the original legend of the Trojan Horse). Two days ago he corresponded with kushner.jared@mail.com, as the fake Jared Kushner asked for legal advice on whether to remove correspondence on his private email account that featured “adult content.” Fortunately for Lowell, the conversation didn’t go far, ending with, “Don’t delete. Don’t send to anyone. Let’s chat in a bit.”
This email exchange likely gave Kushner’s lawyer a few mental images he wished he’d never had. A more descriptive recounting of the email exchange at Business Insider shows Abbe Lowell tangling with possibly unfamiliar fetishes.
“I need to see I think all emails between you and WH (just for me and us),” Lowell wrote. “We need to send any officials emails to your WH account. Not stuff like you asked about. None of those are going anywhere.”
“But we can bury it?” the prankster responded. “I’m so embarrassed. It’s fairly specialist stuff, half naked women on a trampoline, standing on legoscenes, the tag for the movie was #standingOnTheLittlePeople :(“
That Lowell believed this was from his client raises questions about the frequency of emojis in Kushner’s communications. But this exchange wasn’t the end of it. The next email the prankster received from Kushner’s lawyer was unsolicited, but it contained a sensitive document.
We don’t know exactly what happened, but the most likely scenario is that Lowell’s mail client autocompleted to the fake Kushner email address, landing a sensitive letter right in the prankster’s inbox. SINON_REBORN then reposted the letter on Twitter.
The document is a committee-eyes-only letter from the Senate Intelligence Committee, ordering him to preserve emails from his personal account possibly related to the ongoing Russian election interference investigation. Presumably these emails wouldn’t include half-naked trampoline Lego porn, but Lowell’s response to take the discussion offline suggests there are still several ongoing discussions the Intelligence Committee won’t be able to access.
Is this administration’s operational security worse than the last one’s? There’s not enough data available to tell. But SINON-REBORN’s pranks were already well-known before this latest administration gaffe, suggesting a lack of detail orientation by admin members and their legal representation.
Filed Under: abbe lowell, email, jared kushner, prank
Comments on “Well-Known Email Prankster Ends Up With Sensitive Document From Jared Kushner's Lawyer”
Hmmm.
Getting duped by a prankster is bad. Really bad.
But it looks like the lawyer is doing what he should be doing: preserving emails by forwarding official ones to the White House. Since he doesn’t seem to think he’s being pranked (and therefore trying to look good to the public), it’s good that he didn’t respond with, “Delete all of it!”
But partisans will not give anyone on the other side even a tiny benefit of a doubt.
Re: Hmmm.
that is kind of the definition of partisan.
Re: Hmmm.
…I’m not going to give somebody a cookie just because he didn’t commit a felony, John.
Re: Re: Hmmm.
…I’m not going to give somebody a cookie just because he didn’t commit a felony, John.
Proving my statement: But partisans will not give anyone on the other side even a tiny benefit of a doubt.
Good job!
Re: Re: Re: Hmmm.
But I didn’t commit a felony, so by your logic, you should be praising me.
Re: Re: Re: Hmmm.
That has nothing to do with partisanship or giving someone the benefit of the doubt. Someone not screwing up and/or breaking the law is not worth note or praise, unless you’re setting the bar really low.
Re: Re: Re: Hmmm.
Okay, we all agree it was good advice so what “benefit of the doubt” should I give the guy?
He’s a high paid lawyer that gives good legal advice. Kind of what you expect from your lawyer, good advice. If I need advice about private e-mail accounts used for sensitive government business I know I can go to him. Now, how does that make any of this better and/or worse?
Re: Re: Hmmm.
Unlike the US (and probably other) militaries?
Good Conduct Medal:
Re: Re: Re: Hmmm.
I guess that makes it ok then
Re: Re: Re: Hmmm.
Not really; that sounds like it sets the bar higher than just "don’t commit any felonies." I’m not military so I don’t know what constitutes a disciplinary infraction or requires non-judicial punishment, but those standards sure sound like they’re south of committing a felony.
Remedial email security classes
Remedial email security classes for everyone in government! Learn how not to be duped.
Re: Remedial email security classes
You can teach ignorance. You cannot teach stupid.
Re: Remedial email security classes
Remedial email security classes for everyone in government! Learn how not to be duped.
I’ve heard that security consultants from Sinon-Tek give some pretty pretty thorough lectures, with tons of in-depth coverage of electronic communication best practices.
Re: Remedial email security classes
Yeah, good luck with that. As part of penetration testing, I routinely dupe just about everyone inside my targets: executives, salespeople, tech support, marketers, engineers, and yes, the security and network administration teams.
Now, granted: I’m very, very good at it because I’ve had multiple decades of practice and I invest considerable time in studying my targets before I try anything. So not everyone out there could do this.
But there are multiple governments out there that eat this for breakfast, which is why what Kushner has done three times (not twice: another story broke last night) is incredibly reckless and dangerous. Keep in mind: this is the one WE KNOW ABOUT. Surely it’s not the only one. Surely intelligence agencies exploited this a long time ago. Surely some of them took advantage of the situation to plant malware or otherwise ensure long-term access to his email.
As I commented in a related thread here yesterday, there is no way that anybody who’s a top ten target (or even top hundred, for that matter) should be doing this.
Re: Re: Remedial email security classes
Can I please get a link to the third one? I’m Googling it, but I can’t find it (presumably because it’s being buried under all of the other Kushner e-mail stuff).
Re: Re: Remedial email security classes
Hope your arm is ok
Only Half-naked porn?
Half-naked is porn? Really? Wow!
Seems we need to introduce the white house to Fully Clothed Porn starring Donald Trump!
Re: Only Half-naked porn?
Your surprise indicates a serious lack of exposure to porn. To cure this condition, you should spend at least 30 minutes a day on PornHub.
Just be careful of accidental tweeting.
Re: Re: Only Half-naked porn?
Isn’t that how he found his 3rd wife?
fool me once
shame on… shame on you
fool me… You can’t get fooled again!
take it from gw
Funny...but
As funny as this was, I think you’re missing the real story here. Impersonating a public servant, in a professional capacity, is illegal, and satire and parody usually doesn’t cover what this prankster did. This is very different from setting up a satire Facebook account under a public servant’s name. He corresponded with an attorney with the intent of soliciting privileged information. I wouldn’t be surprised if this prankster got in some trouble over this.
Re: Funny...but
You forgot the IANAL bit.
Re: Funny...but
When did he solicit privileged information?
Re: Funny...but
Looks like he asked for personal help with a very personal matter to me.