Hacker Who Hacked CIA Director’s Email Tells How He Did It
A hacker who claims to have broken into the AOL account of CIA Director John Brennan says he obtained access by posing as a Verizon worker to trick another employee into revealing the spy chief’s personal information.
Using information like the four digits of Brennan’s bank card, which Verizon easily relinquished, the hacker and his associates were able to reset the password on Brennan’s AOL account repeatedly as the spy chief fought to regain control of it.
News of the hack was first reported by the New York Post after the hacker contacted the newspaper last week. The hackers described how they were able to access sensitive government documents stored as attachments in Brennan’s personal account because the spy chief had forwarded them from his work email.
The documents they accessed included the sensitive 47-page SF-86 application that Brennan had filled out to obtain his top-secret government security clearance. Millions of SF86 applications were obtained recently by hackers who broke into networks belonging to the Office of Personnel Management. The applications, which are used by the government to conduct a background check, contain a wealth of sensitive data not only about workers seeking security clearance, but also about their friends, spouses and other family members. They also include criminal history, psychological records and information about past drug use as well as potentially sensitive information about the applicant’s interactions with foreign nationals—information that can be used against those nationals in their own country.
The hacker, who says he’s under 20 years old, told WIRED that he wasn’t working alone but that he and two other people worked on the breach. He says they first did a reverse lookup of Brennan’s mobile phone number to discover that he was a Verizon customer. Then one of them posed as a Verizon technician and called the company asking for details about Brennan’s account.
“[W]e told them we work for Verizon and we have a customer on scheduled callback,” he told WIRED. The caller told Verizon that he was unable to access Verizon’s customer database on his own because “our tools were down.”
Copyright 2015 SIGNAL. Permission to use portions of this article is granted provided appropriate credits are given to www.signalng.com and other relevant sources.