Slashdot Mirror


A 15-Year-Old Convinced Verizon He Was the Head of the CIA (newsweek.com)

schwit1 shares an interesting story. Newsweek reports: A British teenager managed to obtain access to sensitive U.S. plans about intelligence operations in different Middle East countries by acting as former CIA Director John Brennan, a court heard on Friday. Kane Gamble, 18, researched Brennan and used the information he gathered to speak to an internet company and persuade call handlers to give him access to the spy chief's email inbox in 2015. He pretended to be both a Verizon employee and Brennan to access Brennan's internet account.

Astonishingly, Gamble managed to gain access to Brennan's emails and his address book, as well as his iCloud storage. He even managed to remotely access the iPad of Brennan's wife... Gamble, aged 15 at the time, also persuaded a helpdesk at the FBI that he was the then deputy director Mark Giuliano... In October 2017, Gamble pleaded guilty to 10 charges, including eight charges of "performing a function with intent to secure unauthorized access" to the computers and two of "unauthorized modification of computer material."


  1. Re:Good by hambone142 · · Score: 2, Insightful

    Not only I.T. but most categories.

    Government workers are often chosen due to aspects unrelated to ability.

    We shouldn't expect much from them.

  2. Re:Good by PopeRatzo · · Score: 5, Funny

    Government workers are often chosen due to aspects unrelated to ability.

    Unlike private businesses, where employees are chosen purely on merit.

    https://pbs.twimg.com/media/Cy...

    --
    You are welcome on my lawn.
  3. Mainstream media will give little airtime to this by bogaboga · · Score: 1, Insightful

    Yes, they will accord little to no serious air time to this story. Instead, they will promote the so called [Russian] "collusion", something I have never bought.

    But that aside, isn't this rather embarrassing?

  4. No zero-day reward?

    1. Re:ayy by bobstreo · · Score: 1

      No zero-day reward?

      Stupidity is its own reward. The gift that keeps on giving until you win a Darwin award.

  5. Re:The Absurdity Of Claiming To Be An Atheist by Anonymous Coward · · Score: 1

    tl;dr

  6. Re:The Absurdity Of Claiming To Be An Atheist by Chris+Mattern · · Score: 2

    Wow, that's a really long post for insisting you believe in magical invisible pink unicorns. What, you don't believe in magical invisible pink unicorns? But you have to! You can't prove they don't exist!

  7. They need to give him a JOB by Anonymous Coward · · Score: 3, Insightful

    Waste of talent in prison

    1. Re:They need to give him a JOB by Anonymous Coward · · Score: 3, Funny

      He has a future in politics

    2. Re: They need to give him a JOB by mrchew1982 · · Score: 1

      No kidding, they should be hiring the kid, not sending him to prison!

    3. Re: They need to give him a JOB by gravewax · · Score: 2

      why? social engineering isn't some amazing skill. It just requires a little research and a huge pair of cojona's

    4. Re:They need to give him a JOB by JeffOwl · · Score: 1

      I suppose if you thought you could watch over his shoulder enough to ensure he was actually doing what you hired him to do, and no more... But I think we've demonstrated over the years that we really aren't very good at that.

    5. Re:They need to give him a JOB by duke_cheetah2003 · · Score: 1

      Waste of talent in prison

      Social engineering isn't talent. It's just being smooth and convincing when talking to people. This feat, while not insignificant, isn't really all that newsworthy. From the perspective of a network attack, he simply went for the weakest link: The Humans.

      Also, just because he was clever and broke into places he shouldn't be doesn't make him some kind of hero or genius. It's not like he used this talent to acquire something useful to ALL of us, like say, for example, Edward Snowden did. A con man (starting young) is caught, prosecuted and jailed. Nothing to see here.

    6. Re:They need to give him a JOB by mars-nl · · Score: 1

      He is a hero in the sense he pointed out major flaws in how Verizon handles security and in how the CIA director handles security (iCloud, really?). All companies and governments (can) learn big lessons from this that are worth as much as sending 10000 people to a security course.

    7. Re: They need to give him a JOB by butchersong · · Score: 1

      "Aye-up govnah. I head of the CIA. I'm a bleedin' high flier of 100% US decent and I need access to all yer files..." Genius.

    8. Re: They need to give him a JOB by swillden · · Score: 1

      cojonas

      Female testicles? Would those be ovaries?

      I'm not sure if this is better or worse than the other misspelling of "cojones" that I often see, which is "cajones" (meaning "large boxes", usually referring to drawers in dressers and cabinets).

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    9. Re: They need to give him a JOB by gravewax · · Score: 1

      this is not a rare skill. It is one of the easiest positions to fill in security teams as literally a shit ton of people can do it, all it requires is confidence and being well prepared.

  8. So many mistakes, on so many levels... by QuietLagoon · · Score: 2

    Hopefully Verizon, et alia, will learn something from this.

    1. Re:So many mistakes, on so many levels... by Anonymous Coward · · Score: 1

      The Verizon and other employees and their supervisors who create their service policies don't face charges, so no, nothing will probably happen for a long time. Only when people start dying, something will happen eventually when the body count is high enough for the pattern to be noticed.

  9. Re:Mainstream media will give little airtime to th by Anonymous Coward · · Score: 1

    Yes, it's rather embarrassing this is being posted now 4 months after his trial and 2 weeks after his sentencing as reported by the mainstream media.

  10. secret information on non-secure devices? by joe_frisch · · Score: 2

    Is this implying that the CIA director keeps secret information on things like ipads and non-secure cloud storage????

    1. Re:secret information on non-secure devices? by JaredOfEuropa · · Score: 1

      Not necessarily. Maybe he only managed to get at the victim's personal email and holiday pics. But if that victim happens to be the director of the FBI, you gonna have a bad time regardless.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    2. Re:secret information on non-secure devices? by 93+Escort+Wagon · · Score: 2

      This student got access to the CIA Director’s accounts and certain devices, not those of the FBI Director.

      Additionally the summary says he “also persuaded a helpdesk at the FBI that he was the then deputy director Mark Giuliano”, but doesn’t say he accomplished anything with that.

      --
      #DeleteChrome
    3. Re:secret information on non-secure devices? by joe_frisch · · Score: 1

      May well be true, but then there isn't that much to the story.

    4. Re:secret information on non-secure devices? by thegarbz · · Score: 1

      Is this implying that the CIA director keeps secret information on things like ipads and non-secure cloud storage????

      Is this implying you don't realise the number of companies and governments who have approved cloud storage and mobile devices to store secret data?

      The iPad part of your comment is especially head-scratching. For all the shit I heap on Apple constantly, failure to offer ways to secure data on devices is not something I criticise them on.

    5. Re:secret information on non-secure devices? by joe_frisch · · Score: 1

      I don't know if there are any approved cloud storage solutions for classified data. It would surprise me, but it's possible. Most secret data has to be stored on isolated networks. If they exist, I can't imagine that iCloud is one of them. I don't expect Apple to offer a classified data storage solution, it doesn't seem like that fits with their business model. I do expect anyone with access to classified or even sensitive data to keep that data only on secure devices.

      A hack of the CIA director's iCloud storage should have turned up things like family photos and shopping lists, not sensitive information on mid-east policies.

  11. Re:Shut up Americans by Dutchmaan · · Score: 2

    ....and whom do you represent please?

  12. Re:Mainstream media will give little airtime to th by Gravis+Zero · · Score: 3

    Yes, they will accord little to no serious air time to this story. Instead, they will promote the so called [Russian] "collusion", something I have never bought.

    Of course, why wouldn't they? One issue will have an effect on a tiny group of people over their lifetimes while the other issue has the potential to impact just about every person on the planet. Also, even if you don't believe it, you should see this how the president does, "think of the ratings!"

    --
    Anons need not reply. Questions end with a question mark.
  13. Re:Good by Tablizer · · Score: 1

    The USA government types are incompetent with IT.

    Most organizations are, public or private. Give the executives and marketers pretty eye-candy and they are happy. The rest is second fiddle.

  14. So this means... by bradley13 · · Score: 5, Insightful

    If this: "military operations and intelligence operations in Afghanistan and Iran" ...is the kind of thing that John Brennan keeps on an ISP's servers, instead of secured government systems, then he needs the cell right next to Hillary.

    Oh, right. They are our betters. Laws don't apply to them.

    --
    Enjoy life! This is not a dress rehearsal.
  15. Re:All I can say is wow by PPH · · Score: 1

    Right.

    And it was taking advantage of the fact that, generally, big shots in the government and industry don't like to go through the normal channels us plebes would have to. John Brennan or Mark Giuliano's iPad can't connect? They call the help desk and expect a fix Right Now! Ask them for some sort of identity verification and you'll risk getting on some TLA's shit list. So you reset their password or do whatever they ask for.

    The FBI is particularly susceptible to social engineering attacks. To the point that, when they had more responsibility for conducting background checks for security clearances, the DoD was always bitching about how they were giving up more information than they were collecting while interviewing friends/neighbors.

    --
    Have gnu, will travel.
  16. Re:The Absurdity Of Claiming To Be An Atheist by sky_khan72 · · Score: 1

    Sorry, I have not read all this bull... uhhm, letin. I mean bulletin. Anyway, you are essentially right. Because of this, you (and some people like you) are the reason why I am a pastafarian for a while. I believe in our holy moly god, Flying Spaghetti Monster. Why? Just because nobody can disprove this. So, I believe that he created the earth and universe while being a little tipsy and I believe you would not exist if he had created earth soberly.

  17. Re:Good by hey! · · Score: 2

    The question is, is any organization actually competent with IT?

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  18. Re:Good by AvitarX · · Score: 1

    Isn't this about Verizon failing, not the gov?

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  19. Re: The Absurdity Of Claiming To Be An Atheist by Anonymous Coward · · Score: 1

    God damnit! How many times do we have to do this? I swear to god I'm an atheist!

  20. Wrong person by Geekbot · · Score: 1

    15 year old cons yahoo or whoever into giving up an email account. Wrong person is going to jail.

    1. Re:Wrong person by MrL0G1C · · Score: 1

      Unlikely he'll go to jail, he's a kid and this is the UK. Having said that, strings could get pulled or threats made, it likely depends on what the judge gets up to in his spare time.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  21. Re:All I can say is wow by Anne+Thwacks · · Score: 1

    taking advantage of the fact that, generally, big shots in the government and industry think like 15 year olds.

    FTFY

    --
    Sent from my ASR33 using ASCII
  22. Re: Good by PopeRatzo · · Score: 2, Funny

    I hear Putin keeps a secret harem of boys.

    And he likes to call them all, "Donald".

    --
    You are welcome on my lawn.
  23. Re:Good by 93+Escort+Wagon · · Score: 2

    The USA government types are incompetent with IT.

    Isn't this about Verizon failing, not the gov?

    The Slashdot reader types are incompetent with reading.

    --
    #DeleteChrome
  24. Re:Good by angel'o'sphere · · Score: 2

    The easy answer is yes.
    Yesterday I had a mandatory 'internet security' training.
    The trainer is a 'high guy' in the security department/IT department.
    He claimed a 'reply-to' tag/field is added to a received email when 'the mail server' recognizes that the real address from where the email came is not the same as in the 'from field'.
    And then again, if 'from' and 'reply-to' do not match, the mail is flagged as spam or suspicious.

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  25. Re:All I can say is wow by PPH · · Score: 1

    Sperg out if they don't get what they want? Yeah.

    --
    Have gnu, will travel.
  26. Re:Shut up Americans by Anonymous Coward · · Score: 1

    If you know that AC is a she, you're that AC.

  27. Re:Mainstream media will give little airtime to th by serviscope_minor · · Score: 3, Insightful

    Yes, they will accord little to no serious air time to this story

    Good job denying reality. It's on literally every main stream media site.

    --
    SJW n. One who posts facts.
  28. Re: The Absurdity Of Claiming To Be An Atheist by nitehawk214 · · Score: 1

    I am both an atheist and the director of the CIA.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
  29. Re:The Absurdity Of Claiming To Be An Atheist by Memnos · · Score: 1

    You must have some pretty ugly psychological scars for the batshit crazy to be so strong in you.

    --
    I don't trust atoms -- they make up stuff.
  30. Re:Good by hey! · · Score: 1

    The problem is even bad operations get some things right.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  31. Re:Good by vtcodger · · Score: 3, Insightful

    "Isn't this about Verizon failing, not the gov?"

    Largely. However in a perfect world Brennan's Verizon accounts would contain nothing but emails to his family and friends, ecommerce orders and confirmations, and the usual spam. All his government traffic would be from his .gov account and even that would only contain unclassified material. Classified stuff goes by other means.

    Got all that?

    Think it works?

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  32. Re: Good by Monster_user · · Score: 1

    A competent I.T. lead doesn't mean an organization is competent with I.T.

    Mandatory meetings regarding "reply to" and "from" don't necessarily do squat. Even when they do help, it only helps to contain the damage. An organization is only as strong or as competent as its weakest link.

  33. IMHO by basicprimitives · · Score: 1

    He must get a medal and reward for demonstrating vulnerabilities of the system.

  34. Re:Mainstream media will give little airtime to th by deathguppie · · Score: 1

    yup, Trump had nothing to do with Russia ever.. except maybe..

    2008 Trump "Russians make up a pretty disproportionate cross-section of a lot of our assets. We see a lot of money pouring in from Russia" http://time.com/4433880/donald...

    2013 Trump appears in a music video by the son of Aras Agalarov https://www.youtube.com/watch?...

    2014-2015 - Starting in 2014, Trump oddly Tweeted Nine Times to Deleted Russian Twitter Accounts About Running for President. https://www.pastemagazine.com/...
    11/23/2014 - "@russiannavyblog: @dr_rita39 I follow Mr. Trump in a crusade to get him to restore Western Civilization with a Trump/Palin '16 ticket!" https://twitter.com/realDonald...
    12/20/2014 - "@VladimirRussia7: "@realDonaldTrump :Be sure to set exceptional goals for your 2015 resolutions. Push yourself, you can do it. Think Big!"" https://twitter.com/realDonald...
    12/24/2014 - "@VladimirRussia7: @realDonaldTrump Merry Christmas,my favorite billionaire!" Thanks! https://twitter.com/realDonald...
    12/27/2014 - "@VladimirRussia7: @realDonaldTrump and @mcuban and @WarrenBuffett are my favorite billionaires and heroes." https://twitter.com/realDonald...
    1/17/2015 - "@VladimirRussia7: @realDonaldTrump Oh,How I respect you- a billionaire,a family man,and a TV Star!" Thanks. https://twitter.com/realDonald...
    1/30/2015 - "@VladimirRussia7 You are the best #billionare and the great teacher!I love your inspiring books!" Thanks and good luck. https://twitter.com/realDonaldTrump/status/561179324699910147
    1/30/2015 - "@russiannavyblog: @realDonaldTrump An announcement Mr Trump will run for President and fix the Obama-ruined nation?" https://twitter.com/realDonald...
    3/11/2015 - "@russiannavyblog: @Joe3957 If there is anything America desperately needs, it's a Trump run!" https://twitter.com/realDonald...
    3/11/2015 - @monkiekaty: @realDonaldTrump Yes! Yes! Yes! Trump for President https://twitter.com/realDonald...

    I could really fill a volume here there is so much out there.

    If America wants to represent Democratic values i.e. capitalism, rule by the people for the people, on a world stage, with the willingness to represent and defend those people who cannot. Then we must as a nation defend those things. We have a president who will not or cannot defend those things that have been so sacred to our institution. The rule of law over government, the desire to promote the will of the people over tyrannical leaders, the hope that all of us will have some say in our own lives, and the willingness to defend others. That is the America I fight for. Not Nazis, not white power, not America first. https://www.snopes.com/dr-seus...

    --
    once more into the breach
  35. Re: Good by PopeRatzo · · Score: 1

    Thanks

    You're welcome. I live to serve.

    --
    You are welcome on my lawn.
  36. Re:Good by AvitarX · · Score: 1

    No idea, I only read the summaries, but it doesn't sound like his gov business was in his Verizon or iCloud account to me.

    But that's not really my point.

    I read a summary about the failure of Verizon to have even basic security training for its people in charge of resetting passwords, and the first post basically says it's from the culture of lack of accountability in government. I really don't see how the two are related.

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  37. Re: Good by Anonymous Coward · · Score: 1

    I try not to feed the trolls, but-
    "Gamble, aged 15 at the time, also persuaded a helpdesk at the FBI that he was the then deputy director Mark Giuliano"
    Sounds like the government to me.

  38. Re:Good by Carewolf · · Score: 1

    "Isn't this about Verizon failing, not the gov?"

    Largely. However in a perfect world Brennan's Verizon accounts would contain nothing but emails to his family and friends, ecommerce orders and confirmations, and the usual spam. All his government traffic would be from his .gov account and even that would only contain unclassified material. Classified stuff goes by other means.

    Got all that?

    Think it works?

    That has nothing to do with government, but that single incompetent or corrupt individual.

  39. Re:Mainstream media will give little airtime to th by serviscope_minor · · Score: 1

    You will benefit from a class in the art of English comprehension. To this end, you could perhaps explore availing yourself to some of these classes. You will not lose.

    Pro tip: writing english good isnt about how many fancy words you use.

    The keyword in my statement is *air time*

    Eh not my fault that you're unable to make yourself understood. Air time is used to describe amount of coverage, in much the same way we refer to newspapers as "the press" even though even print newspapers haven't used actual presses in a rather long time.

    Plus if you're going to be excessively pedantic, most of us get our news over wifi, so air time works perfectly.

    --
    SJW n. One who posts facts.
  40. Re:Good by kilodelta · · Score: 1

    I wouldn't be so sure of this. State Government by hook or by crook manages to secure things. The Federal side though is full of holes.

    Part of it has to do with Congress starving budgets. But this kid's only mistake was messing with the FBI. If he'd just done Verizon which btw, is corporate America and has experienced breaches before. When you put people that are art majors in place as your CISO you're gonna get breached.

  41. Re:Good by eric_harris_76 · · Score: 1

    There's a limit to how sucky a company in the private sector can be. Eventually, no amount of marketing and unthinking brand loyalty (what a delightfully awful term, "brand loyalty") can keep the company going. Hiring people for their connections rather than their abilities hastens the decline. (If it doesn't, they weren't really the wrong people, now were they?)

    But Amtrak and the Post Office and unaccredited school districts just keep chugging along, funded by taxpayers.

    The limit there is how much the taxpayers are willing to tolerate. And apparently, that limit is nowhere near being reached.

    --
    There's no time like the present. Well, the past used to be.
  42. Re:Good by PopeRatzo · · Score: 1

    There's a limit to how sucky a company in the private sector can be.

    Not really. Not with our corporate bankruptcy laws. There's even a doctrine in the corporate world called, "falling upward".

    --
    You are welcome on my lawn.
  43. Re: Good by glaucomys · · Score: 1

    Stop acting butt-hurt, if I may say. Lack of humour has nothing to do with sexual orientation