Email Account of CIA Director Breached by Hacker

CIA logo photo compostion

Photo composition by Thursday Review

Email Account of CIA Director Breached by Hacker

| published October 20, 2015 |

By Thursday Review staff

 

It may turn out to be an embarrassment for the Central Intelligence Agency and the U.S. government, or it may be a strange hoax. For now, members of law enforcement and the whole security apparatus of the U.S. are looking for—or seeking to verify information about—a high school student who has hacked into the personal email account of CIA director John Brennan and the email account of Homeland Security Director Jeh Johnson.

The hacker, an American teenager who expresses sympathy for the Palestinians and anger at U.S. foreign policy towards Israel, says he staged the cyber breach as a publicity stunt to draw attention to the plight of Palestinians living in the shadow of Israel.

The student apparently used over-the-phone phishing techniques to ferret out information from AOL, Verizon and Comcast on Brennan, then used that small cache of data to reset Brennan’s AOL password. Within minutes, the hacker would have had unlimited access to Brennan’s emails, as well as Brennan’s personal profile with AOL.

The same student may have also convinced customer service representatives with Comcast and Verizon that he was Homeland Security chief Johnson, giving him access to Johnson’s personal email account with Comcast. The hacker released data purporting to be the personal information of Johnson, including home address and email address.

Such phishing techniques can be the easiest forms of entry into a personal account, but may require multiple attempts by the hacker. The technique can also be used just as effectively—sometimes more effectively—using a “live chat” texting service, offered by AOL, Verizon and Comcast.

Both the CIA and the FBI are looking into the matter, but have not told any news sources that it has identified the attacker. The hacker spoke by phone to reporters with the New York Post on Sunday, but law enforcement officials have not confirmed that conversation.

On Twitter and other social media, the hacker posted images—some of them redacted by the hacker himself—showing spreadsheets and documents which appear to be genuine materials belonging to Brennan’s account. One spreadsheet shows what appears to be a list of senior intelligence operatives, along with cell phone numbers, social security numbers, and addresses. The hacker used digital red ink to obscure the social security numbers and some of the other data.

Brennan apparently uses an AOL account for his personal activities; Johnson uses a personal account set up as part of his residential service with Comcast. Both Brennan and Johnson would be required under federal guidelines—the same guidelines now so infamous for their relevance to Presidential candidate Hillary Clinton—to use only a government-issued account for official emails and digital correspondence. Those accounts would end in the suffix .gov.

Clinton has faced scrutiny by reporters for months over her decision, which she now concedes was a mistake, to use a privately-crafted email account for her work correspondence while serving as Secretary of State, instead of a government-maintained account using government servers.

The hacker who breached the CIA chief’s account also gained access to the hundreds of names on Brennan’s contact list, which would include their email addresses as well.

The use of AOL email accounts for government business would be highly unorthodox, as would using a Comcast account designed for residential use. There is no federal requirement that government officials use any particular service for web access or email accounts for personal or home use, however, and some tech experts point out that it would not be uncommon for officials such as Brennan or Johnson to maintain an informal account using services such as Yahoo, AOL, or Hotmail.

The CIA says that Brennan did not use the AOL account for work or government business, but it remains unclear how the spreadsheet listing CIA operatives and their social security numbers ended up in Brennan’s AOL files.

In late July, Russian hacker breached the email platform used by about 4,000 employees of the U.S. Joint Chiefs of Staff. The attack was serious enough that it forced the shutdown of the email system used by the military to allow cyber-experts to seal the security weakness and implement a better defense against intrusion.

Related Thursday Review articles:

FBI Recovering Clinton Emails; Keith H. Roberts; Thursday Review; September 23, 2015.

Russians Hack Joint Chiefs Email System; Keith H. Roberts; Thursday Review; August 8, 2015.