The FBI and Secret Service are investigating reports that non-government personal accounts associated with CIA Director John Brennan as well as Department of Homeland Security Secretary Jeh Johnson were hacked, law enforcement officials told CNN.
The New York Post first interviewed the alleged hacker, who said he accessed an AOL email account associated with Brennan that included files regarding his security clearance application, and the hacker also claims to have accessed a Comcast account associated with Johnson.
In an interview with CNN on Monday, the alleged hacker said he has yet to be contacted by law enforcement.
The CIA issued a statement Monday saying they are aware of the report. A DHS spokesman also issued a statement saying, “We don’t discuss the Secretary’s security information. We have forwarded this matter to the appropriate authorities.” The FBI declined to comment.
It does not appear that any classified information was accessed, according to a law enforcement official.
The alleged hacker said he was motivated both by politics and by the desire to shame the government.
“John and Jeh are both very big people and high-ranking people, so, I mean, if we hacked them, they would be ashamed,” he said. “But it was really because the government are killing innocent people, they also fund (Israel) for killing innocent people.”
The reports highlight the sensitivity of government officials using personal email addresses whether or not they use them for government purposes, an issue thrust into the spotlight in part by Hillary Clinton’s use of private email when she was secretary of state.
While much of the controversy over Clinton’s email use stems from the fact that she used the account for work purposes — there has also been concern about officials using personal email for non-government purposes but on company computers.
The problem is that private email addresses make easy targets.
Johnson apologized over the summer for getting a waiver to use personal email on government computers at the Department of Homeland Security — the civilian agency tasked largely with leading the federal government’s cybersecurity efforts. He called it a “whoops” moment and extended an existing ban to cover top officials who had sought waivers for their email access.
The concern with personal email is that it can be relatively easy for hackers to target and exists outside the protections on .gov email addresses managed by the government.
In fact, the hacker told The New York Post that he used a stunningly simple tactic to allegedly hack Brennan’s account.
The process, called “social engineering,” involves collecting information on a person that is publicly available and using it to personalize an attack on their accounts. In this case, the alleged hacker told the Post he tricked Verizon employees into giving him Brennan’s information and got AOL to reset his password, presumably sending the reset to the hacker.
The tactic, taking advantage of call centers, has been documented by several in the security community as a relatively easy and dangerous hacking technique.
In another form of social engineering, a hacker in 2008 broke into the email account of former vice presidential candidate Sarah Palin by answering her simple security questions, including her birthday and zip code.
And there are other ways personal email addresses can be a risk, including malicious software spread by links in unsophisticated spam.
Though in this case it doesn’t appear any classified information was housed on the officials’ accounts, the hacker claims to have accessed Brennan’s 47-page application for his security clearance, which includes countless personal details, and to have accessed Johnson’s billing page and voicemails.
The hacker told the Post he was a high school student who is critical of U.S. foreign policy and a supporter of Palestine.
5 thoughts on “U.S. investigating report email account linked to CIA director hacked”
How ironic that Brennan would be hacked in 2015 when, as head of Analysis Corp. in 2007, one of his employees hacked into Barak Obama’s personal information file after he declared his candidacy.
This is GREAT news.
Hey, Brennan and Johnson! How’s it feel to have YOUR privacy violated?
“It does not appear that any classified information was accessed, according to a law enforcement official.”
Then what good is it.
What these dumbasses need to realize is that people that wrote the code can hack the code.
Like cisco routers… etc. These guys are lucky they didn’t get their dick pics etc…published on Drudge or other sites. Depending on who the NSA etc.. wants to manipulate. These people are ball and chained by their perversion and lust for power. Fkm.
Credible like Snowden if exposed by joo York Post, brought to you by CNN and then exposes nothing of value except vulnerability. Call me a cynic, but I smell a rat in Denmark.