Well-Known Email Prankster Ends Up With Sensitive Document From Jared Kushner's Lawyer

from the sold-out-by-autocomplete? dept

Careless handling of sensitive emails isn't just a problem for Trump's top advisor, Jared Kushner. Having rolled into office on the echoing cries of "Lock her up!" Trump's team nonetheless continued to use private email accounts for official correspondence. Kusher did this twice: using both a Republican National Committee account as well as another personal email address.

It's a security issue as well as a transparency issue. Personal email accounts -- while convenient (and conveniently opaque) -- are little more than attack vectors for cybercriminals and state-sponsored hacking. Making this security problem worse are Trump team legal reps, who can't seem to stop communicating with staffer-spoofing accounts.

A prankster known only by his Twitter handle (SINON_REBORN) has a few admin team trophies on his wall already. The prankster has already duped White House Special Counsel Ty Cobb with an impersonation of White House Media Director Dan Scavino. That followed successful pranking of Breitbart editors and White House Homeland Security Advisor Tom Bossett.

The latest victim is Jared Kushner's lawyer, Abbe Lowell. He's been stung twice, as the Verge's Sarah Jeong reports.

This is the second time that Abbe Lowell, a partner at Norton Rose Fulbright LLP, who began representing Kushner in June, has fallen for a prankster who calls himself SINON_REBORN (a reference to the original legend of the Trojan Horse). Two days ago he corresponded with kushner.jared@mail.com, as the fake Jared Kushner asked for legal advice on whether to remove correspondence on his private email account that featured "adult content." Fortunately for Lowell, the conversation didn't go far, ending with, "Don't delete. Don't send to anyone. Let's chat in a bit."

This email exchange likely gave Kushner's lawyer a few mental images he wished he'd never had. A more descriptive recounting of the email exchange at Business Insider shows Abbe Lowell tangling with possibly unfamiliar fetishes.

"I need to see I think all emails between you and WH (just for me and us)," Lowell wrote. "We need to send any officials emails to your WH account. Not stuff like you asked about. None of those are going anywhere."

"But we can bury it?" the prankster responded. "I'm so embarrassed. It's fairly specialist stuff, half naked women on a trampoline, standing on legoscenes, the tag for the movie was #standingOnTheLittlePeople :("

That Lowell believed this was from his client raises questions about the frequency of emojis in Kushner's communications. But this exchange wasn't the end of it. The next email the prankster received from Kushner's lawyer was unsolicited, but it contained a sensitive document.

We don't know exactly what happened, but the most likely scenario is that Lowell's mail client autocompleted to the fake Kushner email address, landing a sensitive letter right in the prankster's inbox. SINON_REBORN then reposted the letter on Twitter.

The document is a committee-eyes-only letter from the Senate Intelligence Committee, ordering him to preserve emails from his personal account possibly related to the ongoing Russian election interference investigation. Presumably these emails wouldn't include half-naked trampoline Lego porn, but Lowell's response to take the discussion offline suggests there are still several ongoing discussions the Intelligence Committee won't be able to access.

Is this administration's operational security worse than the last one's? There's not enough data available to tell. But SINON-REBORN's pranks were already well-known before this latest administration gaffe, suggesting a lack of detail orientation by admin members and their legal representation.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: abbe lowell, email, jared kushner, prank


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    John Snape (profile), 3 Oct 2017 @ 10:54am

    Hmmm.

    Getting duped by a prankster is bad. Really bad.

    But it looks like the lawyer is doing what he should be doing: preserving emails by forwarding official ones to the White House. Since he doesn't seem to think he's being pranked (and therefore trying to look good to the public), it's good that he didn't respond with, "Delete all of it!"

    But partisans will not give anyone on the other side even a tiny benefit of a doubt.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Oct 2017 @ 10:56am

      Re: Hmmm.

      that is kind of the definition of partisan.

      link to this | view in chronology ]

    • identicon
      Thad, 3 Oct 2017 @ 11:35am

      Re: Hmmm.

      But it looks like the lawyer is doing what he should be doing: preserving emails by forwarding official ones to the White House. Since he doesn't seem to think he's being pranked (and therefore trying to look good to the public), it's good that he didn't respond with, "Delete all of it!"

      ...I'm not going to give somebody a cookie just because he didn't commit a felony, John.

      link to this | view in chronology ]

      • icon
        John Snape (profile), 3 Oct 2017 @ 4:56pm

        Re: Re: Hmmm.

        ...I'm not going to give somebody a cookie just because he didn't commit a felony, John.

        Proving my statement: But partisans will not give anyone on the other side even a tiny benefit of a doubt.

        Good job!

        link to this | view in chronology ]

        • identicon
          Thad, 3 Oct 2017 @ 4:59pm

          Re: Re: Re: Hmmm.

          But I didn't commit a felony, so by your logic, you should be praising me.

          link to this | view in chronology ]

        • icon
          That One Guy (profile), 3 Oct 2017 @ 5:17pm

          Re: Re: Re: Hmmm.

          That has nothing to do with partisanship or giving someone the benefit of the doubt. Someone not screwing up and/or breaking the law is not worth note or praise, unless you're setting the bar really low.

          link to this | view in chronology ]

        • icon
          Narcissus (profile), 4 Oct 2017 @ 1:44am

          Re: Re: Re: Hmmm.

          Okay, we all agree it was good advice so what "benefit of the doubt" should I give the guy?

          He's a high paid lawyer that gives good legal advice. Kind of what you expect from your lawyer, good advice. If I need advice about private e-mail accounts used for sensitive government business I know I can go to him. Now, how does that make any of this better and/or worse?

          link to this | view in chronology ]

      • icon
        Eldakka (profile), 4 Oct 2017 @ 12:22am

        Re: Re: Hmmm.

        ...I'm not going to give somebody a cookie just because he didn't commit a felony, John.

        Unlike the US (and probably other) militaries?

        Good Conduct Medal:

        The Good Conduct Medal, each one specific to one of the five branches of the U.S. Armed Forces, is currently awarded to any active duty enlisted member of the United States military who completes three consecutive years of "honorable and faithful service". Such service implies that a standard enlistment was completed without any non-judicial punishment, disciplinary infractions, or court martial offenses.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 Oct 2017 @ 6:45am

          Re: Re: Re: Hmmm.

          I guess that makes it ok then

          link to this | view in chronology ]

        • identicon
          Thad, 4 Oct 2017 @ 7:32am

          Re: Re: Re: Hmmm.

          Not really; that sounds like it sets the bar higher than just "don't commit any felonies." I'm not military so I don't know what constitutes a disciplinary infraction or requires non-judicial punishment, but those standards sure sound like they're south of committing a felony.

          link to this | view in chronology ]

  • icon
    afn29129 (profile), 3 Oct 2017 @ 11:12am

    Remedial email security classes

    Remedial email security classes for everyone in government! Learn how not to be duped.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Oct 2017 @ 11:30am

      Re: Remedial email security classes

      You can teach ignorance. You cannot teach stupid.

      link to this | view in chronology ]

    • icon
      stderric (profile), 3 Oct 2017 @ 11:36am

      Re: Remedial email security classes

      Remedial email security classes for everyone in government! Learn how not to be duped.

      I've heard that security consultants from Sinon-Tek give some pretty pretty thorough lectures, with tons of in-depth coverage of electronic communication best practices.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Oct 2017 @ 1:16pm

      Re: Remedial email security classes

      Yeah, good luck with that. As part of penetration testing, I routinely dupe just about everyone inside my targets: executives, salespeople, tech support, marketers, engineers, and yes, the security and network administration teams.

      Now, granted: I'm very, very good at it because I've had multiple decades of practice and I invest considerable time in studying my targets before I try anything. So not everyone out there could do this.

      But there are multiple governments out there that eat this for breakfast, which is why what Kushner has done three times (not twice: another story broke last night) is incredibly reckless and dangerous. Keep in mind: this is the one WE KNOW ABOUT. Surely it's not the only one. Surely intelligence agencies exploited this a long time ago. Surely some of them took advantage of the situation to plant malware or otherwise ensure long-term access to his email.

      As I commented in a related thread here yesterday, there is no way that anybody who's a top ten target (or even top hundred, for that matter) should be doing this.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Oct 2017 @ 6:30am

        Re: Re: Remedial email security classes

        three times (not twice: another story broke last night)

        Can I please get a link to the third one? I'm Googling it, but I can't find it (presumably because it's being buried under all of the other Kushner e-mail stuff).

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Oct 2017 @ 6:47am

        Re: Re: Remedial email security classes

        Hope your arm is ok

        link to this | view in chronology ]

  • identicon
    Christenson, 3 Oct 2017 @ 11:49am

    Only Half-naked porn?

    Half-naked is porn? Really? Wow!

    Seems we need to introduce the white house to Fully Clothed Porn starring Donald Trump!

    link to this | view in chronology ]

    • identicon
      ryuugami, 3 Oct 2017 @ 12:50pm

      Re: Only Half-naked porn?

      Half-naked is porn? Really? Wow!

      Your surprise indicates a serious lack of exposure to porn. To cure this condition, you should spend at least 30 minutes a day on PornHub.

      Just be careful of accidental tweeting.

      link to this | view in chronology ]

  • identicon
    Christian wolfe, 3 Oct 2017 @ 12:02pm

    fool me once

    shame on... shame on you
    fool me... You can't get fooled again!

    take it from gw

    link to this | view in chronology ]

  • identicon
    Jason, 3 Oct 2017 @ 1:23pm

    Funny...but

    As funny as this was, I think you're missing the real story here. Impersonating a public servant, in a professional capacity, is illegal, and satire and parody usually doesn't cover what this prankster did. This is very different from setting up a satire Facebook account under a public servant's name. He corresponded with an attorney with the intent of soliciting privileged information. I wouldn't be surprised if this prankster got in some trouble over this.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.