Private email account of CIA Director compromised by teenage hackers?
CIA Director John Brennan apparently got his private AOL email account hacked, and the attackers revealed that it contained information that shouldn’t have been there: Brennan’s 47-page application for top-secret security clearance, Social Security numbers and personal information of US intelligence officials, and other sensitive documents.
New York Post reporters managed to get in contact with the alleged hacker who posts on Twitter as phpax, and he (she?) claims that the hack was executed with the help of a colleague (they all go by “CWA”, i.e. “Crackas With Attitude”).
Apparently, it was as simple social engineering Verizon workers into sharing Brennan’s personal information, then leveraging that information to get AOL to reset the password associated with the email account.
Post’s write-up along with that of CNNMoney’s Laurie Segall, who also interviewed phpax, paint the following picture of the attackers: American, younger than 22, still in high school, pot smokers, moderately knowledgeable when it comes to hacking, not Muslims, but they profess that the hack was motivated by their desire to help Palestinians by urging the US to stop sending funds to Israel.
Of course, whether all this is true or not remains to be seen. It seems to me that at least some of the answers were meant as trolling.
The hackers allegedly broke into Brennan’s account on October 12, and Brennan apparently attempted to regain control of it by repeatedly resetting the password. He ultimately failed, and the account was disabled by AOL on Friday.
Phpax published on Twitter screenshots of a number of documents they ostensibly found in Brennan’s account, the question is whether they are authentic.
Before this, they also apparently managed to compromise various personal accounts of Secretary of Homeland Security Jeh Johnson.
The CIA has “referred the matter to the appropriate authorities”, and the DHS said that as a matter of policy, they do not comment on the Secretary’s personal security.
An investigation by the FBI is underway, but if the hack ends up to be true, it will confirm a wide-spread problem: executives and employees – even those who should know better by virtue of the job they do – continue to use their private, insecure email accounts to store sensitive data pertaining to their job, colleagues, and themselves.