CIA Director's AOL Email Account Reportedly Hacked
Personal Account Reportedly Stored Personal Details for Top U.S. Officials
U.S. law enforcement agencies are investigating reports that the personal email account of Director of the Central Intelligence Agency John Brennan was hacked by an American teenager and that personal information for some top U.S. intelligence and national security officials was stolen in the data breach and leaked online.
Someone claiming to be the hacker tells the New York Post that he is a male U.S. high school student and that he first broke into Brennan's AOL email account on Oct. 12 after using social engineering tactics to trick employees at AOL parent company Verizon into divulging some of Brennan's personal details, which he then used to reset the CIA director's AOL account password and gain access. Once there, he says he found a contact list containing 2,611 email and instant message addresses - some for top U.S. national security and intelligence officials - and that 40 of the emails had file attachments that also contained sensitive information, including Brennan's application for a top-secret security clearance.
The newspaper - which describes the hacker as a "teen stoner" dissatisfied with U.S. foreign policy - reports that the AOL account also contained personal information, including Social Security numbers, for numerous senior intelligence officials, as well as details relating to CIA interrogation techniques. Multiple officials named in the leaked data have confirmed to The Wall Street Journal that the leaked information was accurate, and some reported being contacted by intelligence officials to warn them that their personal data had been compromised.
Leaked Data
After some back-and-forth grabs for control of the AOL account, the hacker said via Twitter - using the account name "phphax" and username "cracka" - that Brennan's account was deactivated Oct. 16. He also reported that he had been prank-calling the CIA director since August, at one point reciting Brennan's Social Security number to him.
"He waited a tiny bit and hung up," the hacker told the New York Post.
The hacker also claimed to the newspaper that he'd accessed the online Comcast account for Homeland Security Secretary Jeh Johnson and listened to his voicemails. He also published alleged personal details about Johnson, as well as his wife and son, plus various other details - an alleged photograph of their house, the MAC address of their Comcast cable modem - to the open source Cyberguerrilla PasteBin text-sharing website. He further claimed to have leaked call logs from White House Deputy National Security Advisor Avril Haines.
The hacker - or hackers - behind the breach tweeted Oct. 19 that "we are not doing this for personal satisfaction, we are doing this because innocent people in Palestine are being killed daily." The various Twitter accounts used by the hackers have also included the hashtags "FreePalestine," "FreeGaza" and "Anonymous."
The awkward moment when feds admit i had unauthorized access to the accounts and people are still saying i faked it. :/ LOL
- cracka (@phphax) October 20, 2015
"John and Jeh are both very big people and high-ranking people, so, I mean, if we hacked them, they would be ashamed," the hacker told CNN Oct. 19, noting that he had yet to be contacted by law enforcement agencies. "But it was really because the government are killing innocent people, they also fund (Israel) for killing innocent people."
Secret Service Confirms Investigation
In response to the hacking report, the CIA has issued the following statement: "We are aware of the reports that have surfaced on social media and have referred the matter to the appropriate authorities." A DHS spokesman also issued the following statement: "We don't discuss the Secretary's security information. We have forwarded this matter to the appropriate authorities."
The Secret Service confirms that it has launched a related investigation. "We are looking into that matter," spokesman Rob Hoback tells Information Security Media Group. The FBI also confirms that it is investigating with the Secret Service. "Because this is an ongoing investigation, we are restricted from commenting further," a spokeswoman says. Meanwhile, Verizon could not be immediately reached for comment, but the telecommunications giant has reportedly confirmed that it is assisting law enforcement agencies in their investigation.
If the hackers get caught, they would face severe repercussions, former CIA analyst Aki Peritz tells The Wall Street Journal. "Posting the personal information of a senior government official and then bragging about it - you are going to have the full weight of the law come down on you," Peritz said. "If these are actually teenagers, they have really messed up their life for a long time."
Follows Clinton Email Controversy
Before taking the helm of the CIA, Brennan was President Obama's top homeland security adviser. He has held a number of national security and intelligence posts over his career, but also faced controversy for defending the CIA's past use of "enhanced interrogation techniques" - torture - and arguing that it had helped to "thwart attack plans, capture terrorists, and save lives."
If Brennan was using a personal email account to store sensitive information about top U.S. national security and intelligence officials, it would no doubt prove embarrassing for the Obama administration, coming in the wake of the ongoing controversy involving Democratic presidential contender Hillary Clinton, who used a personal email server while she served as Secretary of State (see How Will FBI Examine Hillary's Server?).
While initial concern focused on whether Clinton had complied with relevant federal and departmental rules, information security experts were quick to warn that it would have been difficult to keep any such server secure (see Was Clinton Server Exposed to Hacks?).