In many respects, this has been the year of cyberwarfare.
As we’re fond of recounting, it began with an alleged plot by Pyongyang to sabotage Seth Rogen and James Franco, reached peak absurdity when Penn State claimed Chinese hacker spies had taken over the engineering department, and turned deadly serious when the OPM suffered the largest breach of US government data in history.
The events mentioned above were part of a series of supposed breaches that include an IRS hack perpetrated by supposed “Russian organized crime syndicates” and hundreds of attacks that allegedly emanated from China and aimed to steal US corporate secrets.
All of the above comes on the heels of the NSA debate and is playing out amid a broader discussion about global cyber security.
Well don’t look now, but a “pot-smoking” Pro-Palestine, teen hacker from the group "Crackas With Attitude" claims to have breached CIA director John Brennan’s e-mail account.
Here’s more from Foreign Policy:
Fervently pro-Palestine, pot-smoking, teenage hacker claims to have hacked the AOL email account of CIA Director John Brennan.
The hacker in question, who goes by the moniker “cracka,” is a member of the hacker collective “Crackas With Attitude,” which appears to include at least one other member, who calls himself “cubed.” Media accounts about the alleged hack have so far focused on cracka’s role, but he told Foreign Policy via Twitter that the operation was very much the work of the collective. The hackers claim to have gotten into Brennan’s email by duping Verizon into providing them with the CIA chief’s personal information, which was then used to reset his AOL password.
Cracka has claimed that he has found a copy of Brennan’s application for a security clearance.
The hackers have so far posted what they claim to be a list of Brennan’s email contacts and a list of high-level government employees, along with their Social Security numbers and other personal information. That list of government employees includes Homeland Security Secretary Jeh Johnson. A Twitter account — since suspended — purporting to belong to the hacking collective posted what was describedas a call log for Deputy National Security Advisor Avril Haines.
Johnson, the DHS secretary, appears to have been heavily targeted by the hackers. Cracka claimed he infiltrated Johnson’s Comcast account andposted the message “Stop Wars” on his home television screen. He has also posted detailed information on Johnson’s family, including the address of his Georgetown home, his wife’s name and phone number, and the identity of his son’s girlfriend.
Here are some of “Cracka’s” tweets:
Its now just a battle between me and CIA, they keep taking the account back and I keep taking it back after xD pic.twitter.com/4HdZVWZ7hw— cracka (@phphax) October 13, 2015
You get the idea.
And here's more from Wired:
A HACKER WHO claims to have broken into the AOL account of CIA Director John Brennan says he obtained access by posing as a Verizon worker to trick another employee into revealing the spy chief’s personal information.
Using information like the four digits of Brennan’s bank card, which Verizon easily relinquished, the hacker and his associates were able to reset the password on Brennan’s AOL account repeatedly as the spy chief fought to regain control of it.
The documents they accessed included the sensitive 47-page SF-86 application that Brennan had filled out to obtain his top-secret government security clearance. Millions of SF86 applications were obtained recently by hackers who broke into networks belonging to the Office of Personnel Management. The applications, which are used by the government to conduct a background check, contain a wealth of sensitive data not only about workers seeking security clearance, but also about their friends, spouses and other family members. They also include criminal history, psychological records and information about past drug use as well as potentially sensitive information about the applicant’s interactions with foreign nationals—information that can be used against those nationals in their own country.
“[W]e told them we work for Verizon and we have a customer on scheduled callback,” he told WIRED. The caller told Verizon that he was unable to access Verizon’s customer database on his own because “our tools were down.”
After providing the Verizon employee with a fabricated employee Vcode—a unique code the he says Verizon assigns employees—they got the information they were seeking. This included Brennan’s account number, his four-digit PIN, the backup mobile number on the account, Brennan’s AOL email address and the last four digits on his bank card.
“[A]fter getting that info, we called AOL and said we were locked out of our AOL account,” he said. “They asked security questions like the last 4 on [the bank] card and we got that from Verizon so we told them that and they reset the password.” AOL also asked for the name and phone number associated with the account, all of which the hackers had obtained from Verizon.
On October 12, they gained access to Brennan’s email account, where they read several dozen emails, some of them that Brennan had forwarded from his government work address and that contained attachments. The hacker provided WIRED with both Brenann’s AOL address and the White House work address used to forward email to that account.
So they called Brennan’s mobile number, using VoIP, and told him he’d been hacked. The conversation was brief.
“[I]t was like ‘Hey,…. its CWA.’ He was like ‘What do you want?’ We said ‘2 trillion dollars hahhaa, just joking,'” the hacker recounted to WIRED.
Brennan, the hacker says, replied, “How much do you really want?”
They told Brennan “We just want Palestine to be free and for you to stop killing innocent people.”
So, it is that easy to get into the CIA director's personal e-mail account. Simply call Verizon and pose as an employee, ask for sensitive identifying information, then call AOL and supply them with said information.
Apparently, it never dawned on anyone at Verizon or AOL that the person on the other end of the line was i) asking for information about the CIA chief in the case of Verizon, and ii) pretending to be the CIA chief in the case of AOL. We can presumably blame that on the fact that the vast majority of Americans couldn't tell you who the head of the CIA was if their life depended on it.
Now the interesting thing here is that it certainly appears from the above that Brennan was discussing matters of national security on a private e-mail account. Only this wasn't even on a personal server à la Hillary - this was on AOL.
One wonders if we'll now be able to look forward to another round of Congressional e-mail inquiries this time courtesy of "Crackas With Attitude."