Slashdot Mirror

← Back to Stories (view on slashdot.org)

Arrests Made After Group Hacks CIA Director's AOL Account (washingtonpost.com)

Posted by EditorDavid on from the you've-got-jail dept.

Slashdot reader FullBandwidth writes: U.S. authorities have arrested two North Carolina men accused of hacking into the private email accounts of high-ranking U.S. intelligence officials. [The men] will be extradited next week to Alexandria, where federal prosecutors for the Eastern District of Virginia have spent months building a case against a group that calls itself Crackas With Attitude... Authorities say the group included three teenage boys being investigated in the United Kingdom.
The group used social engineering to access the email accounts of John Brennan, the director of the CIA, as well as the Director of National Intelligence, and former FBI deputy director Mark Giuliano, according to the article. One exploit involved "posing as a Verizon technician and tricking the company's tech-support unit into revealing the CIA director's account number, password and other details." An FBI affidavit alleges that a British teenager named "Cracka" also began forwarding the calls of a former FBI deputy director "to a number associated with the Free Palestine Movement," while "D3F4ULT" paid for a campaign of harassing phone calls. In addition, "According to the affidavit, Cracka appears to have gotten into the law enforcement database simply by calling an FBI help desk and asking for Giuliano's password to be reset..."

"One member told CNN [In a video interview] that he smoked marijuana 'all day every day' and was 'probably' high when gaining access to high-level accounts."

107 comments

  1. False flag operation? by Anonymous Coward · · Score: 1

    To divert attention away from Russia?

    1. Re:False flag operation? by Anonymous Coward · · Score: 0

      To divert attention away from Russia?

      This is most likely real.
      Actually all the attention on Russia IS!!! the false flag attack. The so called cyber warfare against the DNC and such is our own government under mining the processes of government not the Russians.

  2. Not sure by Anonymous Coward · · Score: 5, Interesting

    What's more concerning... That the director of the CIA had his account hacked, or that he has an AOL account.

    1. Re: Not sure by Anonymous Coward · · Score: 0

      This

    2. Re:Not sure by tepples · · Score: 1

      Last time I checked, AOL Instant Messenger needed a AOL account, at least one on the free tier. Or has everybody switched from AIM to Skype?

    3. Re: Not sure by Anonymous Coward · · Score: 5, Funny

      The news tomorrow should be, 'CIA Director steps down after shameful discovery of using AOL accounts.'

    4. Re:Not sure by uvajed_ekil · · Score: 2

      Upon reading this summary, my immediate thought was, "Which is worst, that some high-ranking intelligence officials got hacked, the fact that it was so easy that kids did it without having to do any real hacking, that these high-ranking intelligence officials use AOL, or that ANYONE still uses AOL?" This makes Hillary's former IT under-achievers look like actual professionals. I think we now need to investigate whether these morons were using AOL for sensitive communications that should only go through secure and approved channels.

      Personally, I'm glad to see that this "Cracka" joker is not the infamous ytcracker, at least. When he was young he learned his lesson about not messing with US government agencies. These fools did less and will likely face worse penalties, but such are the times, I guess.

      --
      This is a hacked account, for which the owner can not be held responsible.
    5. Re:Not sure by uvajed_ekil · · Score: 1

      Last time I checked, AOL Instant Messenger needed a AOL account, at least one on the free tier. Or has everybody switched from AIM to Skype?

      Yes, everyone left AIM years ago, for Skype and others.

      --
      This is a hacked account, for which the owner can not be held responsible.
    6. Re:Not sure by ortholattice · · Score: 1

      Most of my tech friends have gmail accounts, many of them from the days when they were hard to get and almost considered a status symbol. But why is Google's data mining preferable to AOL's or any other? I know that AOL has long been derided as being associated with grandmothers and "free" AOL disks, but their basic email is free now.

      Non-tech family and friends tend to have <cable-company>.com email addresses, more or less locking them into a specific cable provider.

      As for myself, I chose an ISP that I'm pretty sure isn't interested in data mining my correspondence. And I have my own permanent domain name I can move to a different ISP should things change. I pay a small monthly fee, but it is mainly for my web site with an email account included. A small price I don't mind paying for basically total control over these things. I'd do it with my own server, but all cable companies in this area block incoming port 80 and probably others unless you buy an expensive "business" account for far more than I pay for the web site ISP.

    7. Re:Not sure by ShaunC · · Score: 4, Informative

      Last time I checked, AOL Instant Messenger needed a AOL account, at least one on the free tier.

      I still have both, but I haven't paid for AOL in 20 years. There are a lot of AIM users who never had an AOL account. Registration at aim.com was free for a long time (maybe it still is?) and I talk to a lot of people via AIM who were never AOL users. Despite the ridicule, AIM/Oscar via the Pidgin client with the OTR plugin remains a relatively secure method of communication.

      As for Skype, fuck that entirely, it's been compromised forever. If I want to holler at the NSA, I'll just yell into any phone and hope for the worst.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    8. Re:Not sure by hambone142 · · Score: 1

      Caught that too. Incompetent buffoons.
      They likely have CRT monitors to boot.

    9. Re:Not sure by PopeRatzo · · Score: 1

      What's more concerning... That the director of the CIA had his account hacked, or that he has an AOL account.

      It's called a honeypot, and they took some skells off the board.

      --
      You are welcome on my lawn.
    10. Re: Not sure by Anonymous Coward · · Score: 0

      This

      Actually, since we're talking about AOL specifically here, I would be remiss to point out that rather than "this", you want to say:
      AOL!
      Which, in old Usenet speak directly translates to "me too!" Back in the day, AOLers were known on Usenet for a tendency towards just replying with "me too" in threads.

    11. Re:Not sure by Alain+Williams · · Score: 5, Interesting

      What's more concerning... That the director of the CIA had his account hacked, or that he has an AOL account.

      What really is concerning is that tech support knew ''Brennan’s account number, password and other details''. Who stores passwords in clear these days ? The only safe storage is a one way hash or something. This is vague as to exactly which tech support was tricked and which account details were revealed, but who in tech support would tell anyone someone's password ?

    12. Re:Not sure by guises · · Score: 2

      but who in tech support would tell anyone someone's password ?

      Someone they hired after they fired all of the competent people following the Snowden leaks?

    13. Re:Not sure by BlueStrat · · Score: 1

      Caught that too. Incompetent buffoons.
      They likely have CRT monitors to boot.

      What's with the CRT-hate?

      I'll have you know my SGI 061-0025-001(Sony GDM4011P) 20" 1900x1280 monitor looks *great* running on my SGI Octane!

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    14. Re:Not sure by Anonymous Coward · · Score: 0

      HACK THE PLANET!

    15. Re:Not sure by Anonymous Coward · · Score: 0

      What really is concerning is that tech support knew ''Brennan’s account number, password and other details''. Who stores passwords in clear these days ?

      Companies that listen to the CIA and FBI? They need that so they can catch terrorists and definitely not so that they can have an easy time gathering or manufacturing dirt on politicians and others at the levers of power.

    16. Re:Not sure by tepples · · Score: 1

      Registration at aim.com was free for a long time (maybe it still is?) and I talk to a lot of people via AIM who were never AOL users

      That's what I meant by a "free tier AOL account", because you can log in at AOL.com with your AIM credentials.

    17. Re:Not sure by Greyfox · · Score: 2

      HEY! He got 20 HOURS of free dialup with that CD that came in the mail!

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    18. Re:Not sure by _Sharp'r_ · · Score: 1

      Who stores passwords in clear these days ?

      You've apparently never worked on a project for a government agency.

      They're typically a combination of right-up-to-date (on things which you can just spend money on and it shows up, like a brand new laptop and monitor every year) and 20-30+ years behind (on things which require actual policy/best practices/technology knowledge).

      It doesn't shock me at all that the FBI help desk is as described. I'm a little more familiar with the IRS. In 1991 they were spending $8 Billion to modernize from their 1950s/60s system. By 1997 the IRS was already on their second or third failed "modernization" project, that one failed to the tune of $4 Billion. As recently as 2013 they were still failing to migrate from "1960s" technology to a relational database system.

      Multiply that by all the other government agencies

      Quote:

      Of 3,555 federal IT projects that cost at least $10 million, only 6 percent were a success, according to a study by the Standish Group. In addition, 52 percent of large projects were deemed "challenged," meaning they didn't meet user expectations, went over budget, or ran late. All of the remaining projects - 42 percent - were outright failures.

      And that's just quick news stories/studies from 5 minutes of Google search reading.

      Consider that AFAIK, (this being 9/11 today, its pertinent) since we reported it to them 15+ years ago, none of the Air Traffic Control radar installations have any physical security and they're still running an OS from 20+ years ago that anyone can walk up to and make modifications to. At one point, the Dept. of Agriculture turned off all their firewalls to rely on IDS only because it was too inconvenient to have to keep punching holes for more ports through them.... the stories go on and on!

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    19. Re:Not sure by Coren22 · · Score: 1

      AOL fired people? I wasn't aware that AOL had a recent downsizing in their tech support department.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    20. Re:Not sure by Coren22 · · Score: 1

      When did AOL become a government agency?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    21. Re:Not sure by _Sharp'r_ · · Score: 1

      I know it's too much to read the articles, but try to keep up with at least the summary and the thread you're replying to.

      We were discussing this line: "According to the affidavit, Cracka appears to have gotten into the law enforcement database simply by calling an FBI help desk and asking for Giuliano's password to be reset..."

      I'm pretty sure AOL doesn't provide the FBI help desk staff, nor manage authentication for their law enforcement databases....

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    22. Re:Not sure by Coren22 · · Score: 1

      Perhaps you should keep up with the thread?

      'Brennan’s account number, password and other details''

      that is what was responded to, this was AOL, not the FBI that had unencrypted passwords. The FBI needed to reset the password because they don't have unencrypted passwords.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    23. Re: Not sure by Anonymous Coward · · Score: 0

      Hahahahehe, yeah secure enough hahaha

  3. Missing the point by pdclarry · · Score: 4, Interesting

    While it is always worthwhile to prosecute the hacker, the real question is how is it possible that the Director of the CIA was hacked? Massive incompetence in the CIA is the only possible explanation.

    1. Re:Missing the point by fl_litig8r · · Score: 5, Insightful

      This was his private e-mail, not his CIA e-mail.

    2. Re: Missing the point by Anonymous Coward · · Score: 0

      For someone at his level, there is no distinction from a security standpoint.

    3. Re:Missing the point by peragrin · · Score: 1

      When you get to the CIA doing anything on a public web host for email is wrong. You need to be running a private server.

      Republicans are grilling Hillary for using an private server both home and work. This guy needs to be executed for treason for using aol at all.

      --
      i thought once I was found, but it was only a dream.
    4. Re:Missing the point by Dahamma · · Score: 4, Insightful

      What the fuck are you talking about? Who cares if his AOL account was "at risk" if he used it for the same stupid shit more people use their AOL account for?

      Personally I prefer that government employees receive Viagra spam and pictures of their grandchildren on their private email accounts, and national security briefings on their government email accounts.

    5. Re:Missing the point by Anonymous Coward · · Score: 0

      Apparently, the CIA send his new password to that address.

    6. Re:Missing the point by AHuxley · · Score: 1

      Re 'Massive incompetence in the CIA is the only possible explanation."
      Kept it safe from the NSA, GCHQ, MI6, other parts of the CIA or other agencies... or just decades of later FOIA requests.
      The point is not to have anything thats interesting to your own staff, rogue staff, long term spies, 5 eye nations, the NSA, ex staff, former staff who might be looking or have sold/given/been of the same faith/cult and liked to give details to other govs, mils...
      The selection of a mainstream US brand is so unexpected it almost feels like a limited hangout to see who is looking.. that might have kept other US agency staff guessing about the real role of just such an account. Bait, limited hangout, a long term trap, a totally created account as part of an ongoing FBI domestic cyber trap.. something for the NSA to wonder about. Was the CIA setting a spy trap and not sharing domestically ? A trap to induce diplomatic/other gov staff to contact their deep cover staff at any level of the US gov to see it was really real.. Any search for a unique term mentioned would have been perfect.
      Thats another aspect of the US cyber teams foreign and domestic overlap that now has so much agency duplication and international help. Was it FBI, MI6, CIA joint long term bait? Did the NSA know, at what level and when?
      Recall the massive lost of US gov workers, contractors data that was kept in plain text on open servers ..
      Parts of the US gov knew people had access and hoped they would look for names online. The data walked in bulk and was totally lost ..
      But for a while all that other agency and new digital security clearance data was left and kept wide open as a huge open honeypot.
      Missed Opportunities Detailed Ahead of Personnel Agency Hack (Sep 7, 2016)
      http://abcnews.go.com/Technolo...
      ..."others to monitor the hacker to better understand his movements. "
      "Over the next several months, the hacker moved unchecked through the system and stole sensitive security clearance background investigation files, personnel files and, ultimately, fingerprint data."

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:Missing the point by Anonymous Coward · · Score: 0
      Has Hillary taught you nothing?

      How do you know they weren't the same thing?

    8. Re:Missing the point by Anonymous Coward · · Score: 0

      If Brenner was doing government business and sending and receiving classified emails on AOL, then damn straight he should be prosecuted.

      Oh, wait - Hillary's folks tell us that no reasonable person would prosecute someone for that, it's all a misunderstanding, no one that wants to be President could be expected to understand classification, and she suffered brain damage anyway so it's not her fault.

  4. Alexandria by Anonymous Coward · · Score: 1

    [The men] will be extradited next week to Alexandria.

    Holy crap, why are they sending them to Egypt?

    1. Re:Alexandria by Dahamma · · Score: 1

      This was officially the dumbest and most useless attempt at a joke on this article.

    2. Re:Alexandria by Anonymous Coward · · Score: 0

      Hey, at least it isn't Chicago.

  5. The argument for having your own e-mail server? by fl_litig8r · · Score: 5, Interesting

    I used to think that the only reason someone would want their own e-mail server would be to try to erase a central record of sent e-mails should the need arise, but after reading this summary I see that there is merit in not entrusting a third party's low level tech support person with the ability to either read or reset your password.

    In other news, Verizon knows its users' passwords? Let me guess -- they're stored in plaintext.

    1. Re:The argument for having your own e-mail server? by Anonymous Coward · · Score: 0

      Sadly this wasn't an email server. If it was, it would've been the FBI's email server. It would've been protected by people who are aware of security.
      The jobbers at AOL's tech support have little to no security training, certainly not to the FBI's standards.
      If something needs to be secure, it should be secured by professionals. Home-based email servers are no more secure than public chat-based accounts that ask for your mother's maiden name as a security question.

    2. Re:The argument for having your own e-mail server? by Anonymous Coward · · Score: 1

      The assertion that "home-based e-mail servers are no more secure than public chat based accounts" is baseless and is dependent on the knowledge level of the person who set it up and administers it, just like any other server in existence.

    3. Re:The argument for having your own e-mail server? by Anonymous Coward · · Score: 0

      In other news, Verizon knows its users' passwords? Let me guess -- they're stored in plaintext.

      No. They are stored encrypted using quadruple ROT13.

  6. The director of the CIA has an AOL account? by Anonymous Coward · · Score: 0

    ... really?

  7. We should be scared... by Anonymous Coward · · Score: 0

    What does it say about our intelligence community when the director of the CIA can be conned by a few kids?

    1. Re: We should be scared... by Anonymous Coward · · Score: 1

      Director wasn't conned, his service providers were.

  8. None of this makes any sense. by Anonymous Coward · · Score: 1

    Posing as a technician to get passwords - what?

    Law enforcement database for managing private e-mail accounts - what?

    I mean this shit could all just be made up to cover up the more embarrassing things they actually did, because if security were so lax as this story claims, every hostile nation would have pretty much everything on all high ranking intelligence officials.

  9. Yeah the guy who advises the president on security by Crashmarik · · Score: 4, Funny

    Has an AOL account ?

    Come on what does he use for personal information ? Myspace ?

  10. Not Brennan's fault by Okian+Warrior · · Score: 5, Insightful

    While it is always worthwhile to prosecute the hacker, the real question is how is it possible that the Director of the CIA was hacked? Massive incompetence in the CIA is the only possible explanation.

    This came up and was discussed on Schneier's security blog.

    In this instance the CIA director did nothing wrong. He had a strong password, didn't let it out, and had no sensitive information on this particular personal account.

    The hackers convinced AOL to to do everything on behalf of Brennan, without his knowledge or consent. All the security "best practices" in the world won't help if you can convince someone at the ISP to let you in.

    To his credit, Brennan used this account for personal purposes, and apparently there was absolutely nothing of a sensitive nature there.

    1. Re: Not Brennan's fault by Anonymous Coward · · Score: 0

      The article says there were sensitive files stolen from his personal email account. If true, he shouldn't have had them there.

    2. Re: Not Brennan's fault by ninthbit · · Score: 1

      They've already established that high level government officials can use their personal accounts for official sensitive data. The rules are more like recommendations at the SES and above levels.

    3. Re: Not Brennan's fault by uvajed_ekil · · Score: 3, Informative

      The article says there were sensitive files stolen from his personal email account. If true, he shouldn't have had them there.

      From a Wired article dated almost a year ago:
      "News of the hack was first reported by the New York Post after the hacker contacted the newspaper last week. The hackers described how they were able to access sensitive government documents stored as attachments in Brennan’s personal account because the spy chief had forwarded them from his work email.
      The documents they accessed included the sensitive 47-page SF-86 application that Brennan had filled out to obtain his top-secret government security clearance. Millions of SF86 applications were obtained recently by hackers who broke into networks belonging to the Office of Personnel Management. The applications, which are used by the government to conduct a background check, contain a wealth of sensitive data not only about workers seeking security clearance, but also about their friends, spouses and other family members. They also include criminal history, psychological records and information about past drug use as well as potentially sensitive information about the applicant’s interactions with foreign nationals—information that can be used against those nationals in their own country."

      Sounds pretty bad to me, but I doubt he'll receive the same level of scrutiny as Hillary Clinton has, because it isn't as interesting politically.
      Source: https://www.wired.com/2015/10/... -- interesting article.

      --
      This is a hacked account, for which the owner can not be held responsible.
    4. Re:Not Brennan's fault by Anonymous Coward · · Score: 1

      Ahem, he did nothing wrong at all... OTHER THAN CHOOSE TO USE AOL... dumbass is as dumbass does. Although it was a personal account so who gives a shit so why are these people being prosecuted exactly? How about prosecute the AOL morons that let this happen.

    5. Re: Not Brennan's fault by hey! · · Score: 1

      Personal information about a high ranking intelligence official is intrinsically sensitive.

      Intelligence agencies put a lot of time in by smart people teasing out deductions from apparently innocuous information about high ranking foreign officials. Back in the Cold War it was called "Kremlinology".

      Of course there's only so much you you can do about it. People have private lives and leave traces of information behind. You can never be sure what anyone can do with any piece of data, because it's connecting different data points that generates insight.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    6. Re:Not Brennan's fault by Luthair · · Score: 1

      Why would a high value target use a commodity grade email service?

    7. Re:Not Brennan's fault by grasshoppa · · Score: 1

      All the security "best practices" in the world won't help if you can convince someone at the ISP to let you in.

      I can't help but feel as though you're missing the joke, hence I quoted the relevant part.

      --
      Mod me down with all of your hatred and your journey towards the dark side will be complete!
    8. Re:Not Brennan's fault by radarskiy · · Score: 2

      For high enough target value, all services look commodity grade.

    9. Re: Not Brennan's fault by Anonymous Coward · · Score: 0

      SF86 is information about your background and upbringing. It includes your criminal record, education, current and past employers, current and past residences, neighbors that knew you there, lists of family, friends, and acquaintances - especially foreign ones. It is used primarily to find out who the investigators should talk to, in order to discover more about the person being investigated.

      While quite useful for identity theft, it is hardly classified information. At worst it could be personally embarrassing to Brenner. It has no impact, what-so-ever, on the United States or its national security. This is why the SF86 is NOT CLASSIFIED in any way.

      That's why it is completely different than Hillary's use of personal email to illegally avoid FOIA requests and mishandle classified information in violation of the law.

    10. Re: Not Brennan's fault by Dahamma · · Score: 1

      It didn't say there were *government* sensitive, files, it said they were personally sensitive files - primarily his application for Top Secret clearance, which I assume was emailed from his personal accounts since he obviously didn't HAVE a government/CIA account yet.

      By definition he didn't have access to classified information when he filled it out, so it couldn't have contained information that was classified when he filled it out...

      It would be like you applying for a mortgage, and you SSN and bank account info being leaked. Definitely sensitive to you, but far from government classified.

    11. Re: Not Brennan's fault by strikethree · · Score: 1

      The documents they accessed included the sensitive 47-page SF-86 application that Brennan had filled out to obtain his top-secret government security clearance.

      An SF86 form is filled out by and "owned" by the individual. It is NOT a secret government document. Yes, it has tons of personal information in it about him and his family.

      Sounds pretty bad to me, but I doubt he'll receive the same level of scrutiny as Hillary Clinton has, because it isn't as interesting politically.

      Why would it receive scrutiny? There is nothing illegal about a person storing personal information in their own email account. Stupid? Probably. Illegal? Not a chance.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
  11. Good work by Anonymous Coward · · Score: 0

    Lock them up for life. Hackers deserve neither respect nor justice.

  12. Would? Worth trying over and over, so they do by raymorris · · Score: 1

    > every hostile nation would have pretty much everything on all high ranking intelligence officials.

    Would it be worth it to China to spend a million dollars trying all sorts of ways to get into the President's email, or the secretary of state? Of course it would. If the

  13. These are the... by Anonymous Coward · · Score: 0

    SAME people who want to have access to everyones communications...
    A bit ironic. And those poor hackers are gonna catch it.
    They should've waited until they could work for the FBI to do this....

    HAHAHAhahahaha (breath in ) HAHAHA hahahahaha!

  14. Re:Yeah the guy who advises the president on secur by Anonymous Coward · · Score: 0

    really what a moron.
    he should have his own email server in his basement.
    ask Hillary about it, easy foolproof security.

    and really what does a high level CIA person even need with a private email on a service NOT run by the agency.
    sounds like a security risk to me.

  15. I hit Submit too soon by raymorris · · Score: 1

    I accidentally hit submit before I was done writing.

    > every hostile nation would have pretty much everything on all high ranking intelligence officials.

    Would it be worth it to China to spend a million dollars trying all sorts of ways to get into the President's email, or the secretary of state? Of course it would. If they tried hundreds or even thousands of different hacks, would they eventually get lucky? Sure, probably.

    Therefore they probably have tried thousands of times, and eventually been successful. I would be suprised if after all that trying they never succeeded. Once they got a toehold, it's relatively easy to expand access.

    1. Re:I hit Submit too soon by Anonymous Coward · · Score: 0

      Which is why the President's email is protected by actual security. Bad actors can't try hundreds or thousands of hacks. They can try a few, sure, but it's by no means a sure thing and it's very unlikely to succeed before their source gets blackholed. You know this by how such a hack hasn't actually happened... or at least if it has, no one's been forwarding the emails to the Free Palestine Movement.

  16. I like the internet better. by Anonymous Coward · · Score: 0

    When it took some intelligence to use a computer and created a bar to entrance.

  17. So the gov't uses... by Anonymous Coward · · Score: 0

    10 year old AOL CDs to get online?

  18. Interesting article by Anonymous Coward · · Score: 0

    Interesting article but I'm not clicking those links to read it. Just asking to get super cookied.

  19. Re:Yeah the guy who advises the president on secur by Anonymous Coward · · Score: 0

    He probably has bills to pay and family to keep up with like every other person out there.

  20. He got his AOL account hacked? by jetkust · · Score: 1

    1996 called ...

    1. Re:He got his AOL account hacked? by Anonymous Coward · · Score: 1

      1996 called? Did you warn them?!!

  21. Our head of intelligence by fred911 · · Score: 1

    Has an AOL account? Jeeze, that just about says it all doesn't it?

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    1. Re:Our head of intelligence by Anonymous Coward · · Score: 0

      He probably had the same email address forever, and shared the address with others over 20+ years.

  22. Re: Diversity = WHITE GENOCIDE by Anonymous Coward · · Score: 0

    Not sure why you were downvoted. You only speak the truth.

  23. Re:Did you know? by Anonymous Coward · · Score: 1

    Calm the fuck down, Mr. Clapper. We'll get you a car. Just relax, will you? There are microphones around.

  24. Life imitates art by Zeroko · · Score: 1

    This sounds suspiciously like part of the story in Hackers.

  25. se bebe ou cheira e fas festinha pedo é PUTA by Anonymous Coward · · Score: 0

    pior é o pedro tentando casar o felipe com a filha do camaro 55

  26. Sensitive files by Okian+Warrior · · Score: 1

    The article says there were sensitive files stolen from his personal email account. If true, he shouldn't have had them there.

    Whoosh.

  27. Re:Diversity = WHITE GENOCIDE by Anonymous Coward · · Score: 0

    Probably because it was mostly the white countries that enslaved or "colonized" all of the non-white people from other countries over the last few hundred years. Ever wonder why there is "slavery" and "white slavery" - and somehow still now only the latter is somehow unthinkably barbaric to many people?

  28. Re: Diversity = WHITE GENOCIDE by Anonymous Coward · · Score: 0

    Sorry, I couldn't resist replying to myself here, since I knew no one else would by able to stroke my nuts like this.

  29. Re:Yeah the guy who advises the president on secur by uvajed_ekil · · Score: 2

    He probably has bills to pay and family to keep up with like every other person out there.

    And that's fine, but all of the sensitive attachments he forwarded from his government account to his AOL account are a pretty damn serious matter. Brennan was definitely not just using his AOL email account to pay bills and see if his brother wanted to play golf on Sunday.

    --
    This is a hacked account, for which the owner can not be held responsible.
  30. Re:Diversity = WHITE GENOCIDE by Anonymous Coward · · Score: 0

    The white countries did their best to drag the others out of the stone age. We should have just crushed the first one that rebelled to take the spirit out of the others. Long live Rhodesia.

  31. Re:Diversity = WHITE GENOCIDE by rossdee · · Score: 2

    }
    "Probably because it was mostly the white countries that enslaved or "colonized" all of the non-white people from other countries over the last few hundred years.}
    "

    I guess you missed The Greater East Asia Co-Prosperity Sphere

    They did plenty of conquering and enslaving in the 30's and 40'e

    And they are still not 'diverse'

  32. arrest the CIA directory by ooloorie · · Score: 1

    For a government official to use an AOL account for anything should be a criminal offense.

  33. How come nobody was arrested when my personal emai by Anonymous Coward · · Score: 0

    I really want to know why I should give any shits about some important guy having his personal email hacked. Convince me why, if they're not conducting any business related to their important positions, that it should matter at all.

  34. Re:Yeah the guy who advises the president on secur by Anonymous Coward · · Score: 0

    From what I've heard there is precedent for this being a trivial matter not fit for punishment.

  35. Re:Yeah the guy who advises the president on secur by Tablizer · · Score: 2

    Hey, AOL is for serious work. Shut up!
      - Colin P.

    --
    Table-ized A.I.
  36. I'm sorry I don't believe this by roc97007 · · Score: 1

    It's right up there on top. The sentence with "cia director" and "aol account". That's impossible.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  37. Re:Diversity = WHITE GENOCIDE by Anonymous Coward · · Score: 0

    I hope your history books didn't forget to show you that most African tribes were quite happy to enslave their enemies (also Africans) and sell them to the white people.

  38. AOL IS FUCKING GEENIUS. ER GIENUS, ER... by TiggertheMad · · Score: 4, Funny

    I said the same thing at first, but if you think about it, its brilliant. When the KGB tries to hack into his personal account, they see it is an AOL account and say, 'Neyt comrade, you are mistakekink. Thees coold not be direcktors account, only retarded child use AOL account. Must be, how you say, hunny pit? Ve keep lookikink elsever.'

    These CIA guys, always throwing fucking curve balls. They are like, Inception deep.....

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  39. Getting a Head in Life by Anonymous Coward · · Score: 0

    According to the affidavit, Cracka appears to have gotten into the law enforcement database simply by calling an FBI help desk and asking for Giuliano's password to be reset..."

    "One member told CNN [In a video interview] that he smoked marijuana 'all day every day' and was 'probably' high when gaining access to high-level accounts."

    See, any social engineering attack will succeed if you are relaxed and self-assured enough.

  40. resetting passwords by dnaumov · · Score: 1

    I work at a large finnish ISP. We employ a very simple method to avoid problems with impostors trying to reset account passwords and the like, we do not, under any circumstances, reset the password on the customer's behalf. The customer has to do it him/herself. In theory, we are not forbidden from resetting a password, but we are (under penalty of immediate termination) forbidden from giving up the new password to anyone via any form of communication. The customer has to do the resetting him/herself via the account management page.

    If the customer has forgotten the credentials to the account management page, he can get into it using his standard 2-factor online banking authentication (in Finland, ALL banks are part of this system and many public and large private services utilise the provided auth API for authorisation), Yes, we understand older clients might find this inconvenient, but no amount of yelling and screaming is going to make any of our reps divulge a password directly. If the customer can't find the account management page or navigate it, we an offer a remote desktop connection to caller's computer and help them with that, but the caller still has to authenticate, we just show them what links to click and where.

  41. Hacked?... by Anonymous Coward · · Score: 0

    I think the most "worrying" (I don't f* care :v ) thing is that the director of the CIA got 'Social Engineered', that alone says a lot xD

  42. Shock by Anonymous Coward · · Score: 0

    Shocking News just in......Let's go over to Micheal now.... This is Micheal Dewert reporting live from the scene of this most audacious and shocking crime. The director of the CIA John Brennan has admitted he has been using an email account with Assholes OnLine, the crummy ISP who believed their world view was to dominate the ISP markets in the early 90's, unfortunately only Assholes signed up for their limited and censored ISP network thus earning them the title of Asshoes OnLine (AOL). This shocking truth has just come out with the release of 2 arrests of hackers who managed to gain access to John Brennan's email account using the password "password", this is shocking news that comes from the the top man at the CIA, who job is to look after and protect the USA's intrests and security matters. Perhaps, his use of an Asshole OnLine email account was a security measure in it;s self as no foreign powers would of dreamed the major man at the CIA who use should a low unsosphiscated account. This is Micheal Dewert and now back to the studio....

  43. Re:Yeah the guy who advises the president on secur by Anonymous Coward · · Score: 0

    Except that did not happen. There was no sensitive attachments. Not even OpSec breaches. Either you read that somewhere that invented it or your subconscious expected it.

    All the same, it didn't happen in this case. Maybe you were confusing the CIA director with the Secretary of State.

  44. Re: Diversity = WHITE GENOCIDE by Anonymous Coward · · Score: 0

    How did the Dutch get African slaves in what is now Ghana?

    A. They matched in land and grabbed Africans.
    B. They setup a trading post on the coast and paid Africans for other Africans.
    C. Whenever one tribal group beat another tribal group, the victors would drag the losers from in land areas to the coast. The losers were then sold as slaves to the Dutch.

    Hint, the answer is B and C.

  45. his message by Anonymous Coward · · Score: 0

    "You've got classified mail!"

  46. Something you never hear. by ememisya · · Score: 1

    CIA! Freeze!

    1. Re:Something you never hear. by Anonymous Coward · · Score: 0

      No, because the mannequin was tagged the month before and is now only showing signs of the disease called *@& D*(&XCX^ZC

      [NO CARRIER]

  47. My thoughts exactly! by Anonymous Coward · · Score: 0

    And I couldn't figure out which.

  48. Bush administration policy was to use AOL by Anonymous Coward · · Score: 0

    Long ago, during the George W. Bush era, I read an article, in EE Times I think, about wom (write-once-media). The author mentioned in passing that the White House had such a system installed to insure a valid record of all of the email and that administration policy was to use AOL so as to bypass it.

    I found it hard to believe.

    Recently I saw Colin Powell interviewed saying that he told Hillary when she became Secretary of State that she should use AOL like he did.

    Wow! Confirmation...

  49. Bush Administration policy was to use AOL by Anonymous Coward · · Score: 0

    A long time ago during the George W. Bush administration I read an article about wom (write-once-media). I think it was in EE Times. The author mentioned in passing that the White House had such a system installed which recorded for posterity all of the administration emails and that as a result White House policy was to use AOL to bypass the record keeping.

    At the time I found that shocking and unbelievable.

    Recently I saw Colin Powell interviewed and he said that when Hillary succeeded him as Secretary of State that she should do what he did: use AOL.

    Wow. Confirmation of something unbelievable. Now I just watch our propaganda machine rant about Hillary's much more secure private server and shake my head.

  50. I'm sorry, but what??? by Puppet+Master · · Score: 1

    The group used social engineering to access the email accounts of John Brennan, the director of the CIA, as well as the Director of National Intelligence, and former FBI deputy director Mark Giuliano, according to the article. One exploit involved "posing as a Verizon technician and tricking the company's tech-support unit into revealing the CIA director's account number, password and other details.

    That IT department (in CIA/FBI) should be fired. Everyone knows that there is no reason for Verizon to ask for any passwords. If they were that easily socially engineered, I'm seriously afraid for this country.

    --
    The day Microsoft creates a product that doesn't suck, it will be known as the Microsoft Vaccuum Cleaner!