Slashdot Mirror
UK Teen Who Hacked CIA Director Sentenced To 2 Years In Prison (gizmodo.com)
An anonymous reader quotes a report from Gizmodo: A British teenager who gained notoriety for hacking a number of high profile United States government employees including former CIA director John Brennan and former director of intelligence James Clapper was sentenced Friday to two years in prison. Eighteen-year-old Kane Gamble pleaded guilty to 10 separate charges, including eight counts of "performing a function with intent to secure unauthorized access" and two counts of "unauthorized modification of computer material," the Guardian reported.
Gamble, otherwise known by his online alias Cracka, was 15 at the time that he started his hacking campaigns. The alleged leader of a hacking group known as Crackas With Attitude (CWA), Gamble made it a point to target members of the U.S. government. The young hacker's group managed to successfully gain access to ex-CIA director John Brennan's AOL email account. The group hacked a number of accounts belonging to former Director of National Intelligence James Clapper, including his personal email, his wife's email, and his phone and internet provider account. The hackers allegedly made it so every call to Clapper's home phone would get forwarded to the Free Palestine Movement.
Gamble, otherwise known by his online alias Cracka, was 15 at the time that he started his hacking campaigns. The alleged leader of a hacking group known as Crackas With Attitude (CWA), Gamble made it a point to target members of the U.S. government. The young hacker's group managed to successfully gain access to ex-CIA director John Brennan's AOL email account. The group hacked a number of accounts belonging to former Director of National Intelligence James Clapper, including his personal email, his wife's email, and his phone and internet provider account. The hackers allegedly made it so every call to Clapper's home phone would get forwarded to the Free Palestine Movement.
"performing a function with intent to secure unauthorized access"
James Clapper... the chap who oversaw the largest "intent to secure unauthorized access" campaign in the history of computing? The one which targeted people all around the world for "full take" access? THAT James Clapper?
When Clapper does 3 billion counts of whatever punishment this idiot kid will get, and goes away for the rest of his life, and the other people involved do similar time, then maybe we can think about what's appropriate for the idiot kid.
Until then it's simply more "rules for me but not for thee".
This is nothing less than a miscarriage of justice.
of course the government with Israel's influence wants to nail him for that.
Either way, I was with him until he decided to modify information. Release info is one thing. Modifying it is another.
The head of the CIA using an AOL account isn't as bad as it seems.
Brennan had an account with AOL from the beginning of the internet, and only used it for personal, trivial things. He had a strong password, and didn't reuse passwords. All his work-related communications were done elsewhere.
The "hack" was Gamble calling up AOL pretending to be Brennan, and having a sysadmin change the password.
Brennan did nothing wrong, and could not have prevented this. In fact, he even did things right by not having any business-related communications on that account.
I don't know the specifics of James Clappers' hack, but it was very likely the same. Assuming Clapper didn't have work-related stuff on his personal E-mail (and there's no reason to suspect that he did), this was nothing more than some high-level people being embarrassed by a kid hacker.
Interesting that it's impossible to talk ill about Israel without people rabidly defending them by thinly veiled accusations of antisemitism.
He'll likely be out in less than a year -- their justice system tends to be more "just" than the US's. Good, the people he hacked couldn't be a nicer bunch of "people."
Muslims theocracies are bad. Christian theocracies are bad. Jewish theocracies are bad. The fervor to make sure there's enough Jewish people in Israel to be sure the Jewish maintain power makes it a theocracy to me. There's definitely a lot of countries in the region who wish all Jews killed. I understand that there's no reasonable way to placate the Muslims in the region, so even presuming Israel had actually worked to form relations with other countries in the region and assimilate the Palestinians, they'd have found some other excuse to want to kill the Jews.
It seems obvious then that the Jews in Israel, if they want to not be under that constant death threat, need to leave somewhere else because those threats aren't going away. Either that or they need to conquer the whole region. Those are basically the only two real choices. If they do the latter, the only successful way in the long-term for stability would be to not have a government that's a de facto theocracy. The current situation is just a fucking mess, though.
...in a heartbeat.
Hacking the CIA Director doesn't necessarily mean your hack-fu is incredible, but it probably indicates that your social skills are pretty good.
That's what I want in an employee. I want somebody who can walk the walk well enough, of course. But my priority is that they make people who can help the company become more successful like and respect us. That's done through the people who speak for you. They don't need to be the brightest star in the sky. They need to be that bright person you would like to work with.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Even if it's just personal correspondence with friends and family, getting into that account reveals all their email addresses, information about their schedules, their writing styles and habits (great for spear phising attacks), all kinds of stuff.
In practice, given how seldom encryption is used in e-mail, that information isn't very well protected to begin with.
Nearly nobody outside off /. ers uses GPG, and S/MIME is only used in some peculiar corporate settings.
Thus nearly all e-mail are clear during the exchange.
Also not every single e-mail server uses encryption.
You might have setup your email client to use, e.g.: IMAPS and SMTP with STARTLS.
But there's no guarantee that you correspondent will have done similar (or uses a webmail over HTTPS).
And no guarantee either that the various machines along the chain between your SMTP server and your correspondent IMAP server will all use TLS/SSL secured links.
So a lot of what you've mention can be gather simply by looking at un-encrypted traffic, no need to hack anyone's computer.
Aside from the embarrassment of having an @aol.com email address, they don't support a lot of basic security tech like 2 factor auth and apparently don't give their support staff any security training, so should not be used for any purpose.
That's the major problem in my opiion :
- AOL is stuck in "early 90s" style of internet security.
- it's not the kid who should get locked in. it's AOL who should be fined for awefully bad security practices.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]