Another email scandal rocks the Obama Administration, as a hacker described as a “stoner high-school student” tells the New York Post he breached the America Online email account of CIA Director John Brennan and stole sensitive work-related documents that should not have been there.
The CIA director maintaining an America Online account in 2015 is almost the most stunning detail in this story.
According to what the hacker told the Post, emails stored in Brennan’s personal account included “the Social Security numbers and personal information of more than a dozen top American intelligence officials,” as well as a government letter about the use of “harsh interrogation techniques’ on terrorism suspects,” along with Brennan’s 47-page application for a Top Secret security clearance.
The hacker described himself as a non-Muslim motivated by opposition to American foreign policy and support for Palestinians. However, his Twitter page includes a statement of the Islamic creed, “There is no god but Allah, and Muhammad is the messenger of Allah.” He calls his hacking partnership with another pot-smoking classmate “Crackas With Attitude.”
As with some other high-profile data breaches of late, including the devastating raid on the Office of Personnel Management, this particular caper involved “social engineering” techniques instead of classic code-manipulation “hacking.” In other words, the attacker says he tricked employees at Verizon into giving him Brennan’s personal data, then fooled America Online into giving him a valid password to access the CIA director’s account.
Among other mischief, he said he has been pestering Brennan with crank calls. The hacker claims to have pulled sensitive material from attachments to about forty of Brennan’s emails, and has posted many of these documents on Twitter. International Business Times reports these Tweets are often marked with the #FreePalestine and #FreeGaza passwords, and sent to the attention of one Edward Snowden, currently a resident of Moscow.
Brennan’s attacker made a point of noting that the CIA director kept using this account for six months after Hillary Clinton’s email scandal erupted, deleting it only this past Friday.
One of the documents he posted was a list of Brennan’s email contacts, which could make all of the listed individuals vulnerable to other hackers. Another document allegedly pilfered from the account was a spreadsheet of names and Social Security numbers (which the hacker redacted), including a number of senior intelligence officials, apparently dating from 2009. The Associated Press observes it is “unclear why Brennan would have stored such a document in his private email account,” before speculating that it might have been a list of invitees to a White House event.
The hacker also claims to have breached the Comcast account of Homeland Security Secretary Jeh Johnson. CNN recalls that Johnson has already apologized for using personal email addresses on government computers, describing it as a “whoops” moment.
“Though in this case it doesn’t appear any classified information was housed on the officials’ accounts, the hacker claims to have accessed Brennan’s 47-page application for his security clearance, which includes countless personal details, and to have accessed Johnson’s billing page and voicemails,” writes CNN.
International Business Times says that one of the hacker’s Tweets included a link to a file that included telephone numbers that appeared to belong to members of Johnson’s family, and a warning that the CWA hackers were “resuming attacks on Homeland Security for killing innocent people and starting wars for the fun of it.”
No one seems to be denying anything contained in the New York Post article, which quotes law enforcement sources describing the Brennan disaster as “wild” and “crazy.” These sources suggested that several federal agencies, including the FBI, are investigating the incident, and are expected to “make an example” out of the hacker once they catch him.