Arrests Made After Group Hacks CIA Director's AOL Account

Slashdot reader FullBandwidth writes: U.S. authorities have arrested two North Carolina men accused of hacking into the private email accounts of high-ranking U.S. intelligence officials. [The men] will be extradited next week to Alexandria, where federal prosecutors for the Eastern District of Virginia have spent months building a case against a group that calls itself Crackas With Attitude... Authorities say the group included three teenage boys being investigated in the United Kingdom.
The group used social engineering to access the email accounts of John Brennan, the director of the CIA, as well as the Director of National Intelligence, and former FBI deputy director Mark Giuliano, according to the article. One exploit involved "posing as a Verizon technician and tricking the company's tech-support unit into revealing the CIA director's account number, password and other details." An FBI affidavit alleges that a British teenager named "Cracka" also began forwarding the calls of a former FBI deputy director "to a number associated with the Free Palestine Movement," while "D3F4ULT" paid for a campaign of harassing phone calls. In addition, "According to the affidavit, Cracka appears to have gotten into the law enforcement database simply by calling an FBI help desk and asking for Giuliano's password to be reset..."

"One member told CNN [In a video interview] that he smoked marijuana 'all day every day' and was 'probably' high when gaining access to high-level accounts."

Not sure

What's more concerning... That the director of the CIA had his account hacked, or that he has an AOL account.

Re: Not sure

The news tomorrow should be, 'CIA Director steps down after shameful discovery of using AOL accounts.'

Re:Not sure

[uvajed_ekil]

Upon reading this summary, my immediate thought was, "Which is worst, that some high-ranking intelligence officials got hacked, the fact that it was so easy that kids did it without having to do any real hacking, that these high-ranking intelligence officials use AOL, or that ANYONE still uses AOL?" This makes Hillary's former IT under-achievers look like actual professionals. I think we now need to investigate whether these morons were using AOL for sensitive communications that should only go through secure and approved channels.

Personally, I'm glad to see that this "Cracka" joker is not the infamous ytcracker, at least. When he was young he learned his lesson about not messing with US government agencies. These fools did less and will likely face worse penalties, but such are the times, I guess.

Re:Not sure

[ShaunC]

Last time I checked, AOL Instant Messenger needed a AOL account, at least one on the free tier.

I still have both, but I haven't paid for AOL in 20 years. There are a lot of AIM users who never had an AOL account. Registration at aim.com was free for a long time (maybe it still is?) and I talk to a lot of people via AIM who were never AOL users. Despite the ridicule, AIM/Oscar via the Pidgin client with the OTR plugin remains a relatively secure method of communication.

As for Skype, fuck that entirely, it's been compromised forever. If I want to holler at the NSA, I'll just yell into any phone and hope for the worst.

Re:Not sure

[Alain+Williams]

What's more concerning... That the director of the CIA had his account hacked, or that he has an AOL account.

What really is concerning is that tech support knew ''Brennan’s account number, password and other details''. Who stores passwords in clear these days ? The only safe storage is a one way hash or something. This is vague as to exactly which tech support was tricked and which account details were revealed, but who in tech support would tell anyone someone's password ?

Re:Not sure

[guises]

but who in tech support would tell anyone someone's password ?

Someone they hired after they fired all of the competent people following the Snowden leaks?

Re:Not sure

[Greyfox]

HEY! He got 20 HOURS of free dialup with that CD that came in the mail!

Missing the point

[pdclarry]

While it is always worthwhile to prosecute the hacker, the real question is how is it possible that the Director of the CIA was hacked? Massive incompetence in the CIA is the only possible explanation.

Re:Missing the point

[fl_litig8r]

This was his private e-mail, not his CIA e-mail.

Re:Missing the point

[Dahamma]

What the fuck are you talking about? Who cares if his AOL account was "at risk" if he used it for the same stupid shit more people use their AOL account for?

Personally I prefer that government employees receive Viagra spam and pictures of their grandchildren on their private email accounts, and national security briefings on their government email accounts.

The argument for having your own e-mail server?

[fl_litig8r]

I used to think that the only reason someone would want their own e-mail server would be to try to erase a central record of sent e-mails should the need arise, but after reading this summary I see that there is merit in not entrusting a third party's low level tech support person with the ability to either read or reset your password.

In other news, Verizon knows its users' passwords? Let me guess -- they're stored in plaintext.

Yeah the guy who advises the president on security

[Crashmarik]

Has an AOL account ?

Come on what does he use for personal information ? Myspace ?

Not Brennan's fault

[Okian+Warrior]

While it is always worthwhile to prosecute the hacker, the real question is how is it possible that the Director of the CIA was hacked? Massive incompetence in the CIA is the only possible explanation.

This came up and was discussed on Schneier's security blog.

In this instance the CIA director did nothing wrong. He had a strong password, didn't let it out, and had no sensitive information on this particular personal account.

The hackers convinced AOL to to do everything on behalf of Brennan, without his knowledge or consent. All the security "best practices" in the world won't help if you can convince someone at the ISP to let you in.

To his credit, Brennan used this account for personal purposes, and apparently there was absolutely nothing of a sensitive nature there.

Re: Not Brennan's fault

[uvajed_ekil]

The article says there were sensitive files stolen from his personal email account. If true, he shouldn't have had them there.

From a Wired article dated almost a year ago:
"News of the hack was first reported by the New York Post after the hacker contacted the newspaper last week. The hackers described how they were able to access sensitive government documents stored as attachments in Brennan’s personal account because the spy chief had forwarded them from his work email.
The documents they accessed included the sensitive 47-page SF-86 application that Brennan had filled out to obtain his top-secret government security clearance. Millions of SF86 applications were obtained recently by hackers who broke into networks belonging to the Office of Personnel Management. The applications, which are used by the government to conduct a background check, contain a wealth of sensitive data not only about workers seeking security clearance, but also about their friends, spouses and other family members. They also include criminal history, psychological records and information about past drug use as well as potentially sensitive information about the applicant’s interactions with foreign nationals—information that can be used against those nationals in their own country."

Sounds pretty bad to me, but I doubt he'll receive the same level of scrutiny as Hillary Clinton has, because it isn't as interesting politically.
Source: https://www.wired.com/2015/10/... -- interesting article.

Re:Not Brennan's fault

[radarskiy]

For high enough target value, all services look commodity grade.

Re:Yeah the guy who advises the president on secur

[uvajed_ekil]

He probably has bills to pay and family to keep up with like every other person out there.

And that's fine, but all of the sensitive attachments he forwarded from his government account to his AOL account are a pretty damn serious matter. Brennan was definitely not just using his AOL email account to pay bills and see if his brother wanted to play golf on Sunday.

Re:Diversity = WHITE GENOCIDE

[rossdee]

}
"Probably because it was mostly the white countries that enslaved or "colonized" all of the non-white people from other countries over the last few hundred years.}
"

I guess you missed The Greater East Asia Co-Prosperity Sphere

They did plenty of conquering and enslaving in the 30's and 40'e

And they are still not 'diverse'

Re:Yeah the guy who advises the president on secur

[Tablizer]

Hey, AOL is for serious work. Shut up!
  - Colin P.

AOL IS FUCKING GEENIUS. ER GIENUS, ER...

[TiggertheMad]

I said the same thing at first, but if you think about it, its brilliant. When the KGB tries to hack into his personal account, they see it is an AOL account and say, 'Neyt comrade, you are mistakekink. Thees coold not be direcktors account, only retarded child use AOL account. Must be, how you say, hunny pit? Ve keep lookikink elsever.'

These CIA guys, always throwing fucking curve balls. They are like, Inception deep.....