The @BarackObama Twitter account is run by the Organizing for Action (OFA) group and has more to do with Obama's political campaigning than actual government. Nevertheless, the account has more than 39 million followers, and those followers found yesterday that the shortened URLs in the tweets took them not to the expected destinations but to a 24-minute video titled Syria facing terrorism.
URL shortening is a common practice on Twitter in order to maximize the remaining space available for the accompanying message. URL shortening is also a common practice among hackers because it hides the true destination of the link. By hacking the shortening service, SEA was able to redirect the tweet links to the video without any apparent change to the tweets themselves.
The video, hosted on YouTube, has since been removed for "violation of YouTube's policy on shocking and disgusting content;' and the tweet links have been corrected.
The steps involved in the attack were archetypal SEA methodology. First a number of OFA email accounts were hacked, probably by spear-phishing. One of the Twitter Pics posted by @Official_SEA16 in its traditional online commentary shows the Google mail account of staffer Suzanne Snurpus. She confirmed to Quartz "that her account was hacked over the weekend, along with 'lots' of other volunteers for Obama’s Organizing for Action grass roots campaign organization."
It is probably from within these emails that SEA found the passwords to gain access to OFA's accounts with the link shortening service ShortSwitch, and Blue State Digital. "The hackers then changed all the links in the Obama Twitter feed belonging to OFA to redirect to a video created by the Syrian Electronic Army," explains Quartz.
SEA subsequently told Mashable that it took eight hacked email accounts to effect the attack. "As you might expect all the necessary information was in their emails," the spokesperson wrote to Mashable. "They didn't even enabled two-step verification."
Snurpus confirmed to Quartz, "'We’ve taken measures to correct it,' says Suzanne Snurpus. 'And we’ve all changed our passwords and added an extra layer of login security.' That 'extra layer' is Google’s two-step authentication, which helps prevent unauthorized logins by linking an email address to an existing cell phone number."
"Obama doesn't have any ethical issues with spying on the world, so we took it upon ourselves to return the favor," tweeted SEA.