Some high school students are claiming to have hacked the email account of CIA’s director John Brennan. After hacking into the account, they published the personal information of more than 20 CIA agents.
The leaked information included email addresses, phone numbers, social security numbers and clearance level of the CIA employees. All this information was published in a spreadsheet.
NSA’s former technical director (Jasper Graham) finds this as an embarrassing incident and believes that original login credentials were used to enter into Brennan’s account and term this attack as a “Social engineering” attack.
While defining social engineering attacks he said:
“Social media has enabled this to the nth degree because a quick profile search and a friend request and then LinkedIn can get you enough information to start resetting things. All the providers, whether it’s credit cards or banks, have to have something else in place.”
The hackers used a twitter account to disclose all the information from Brennan’s account and were threatening to disclose more, but their account suspended on a Monday afternoon.
The motive behind this breach was disclosed by a New York Times post, which said the hacks were carried out to oppose US foreign policies and support Palestine. But, they denied themselves to be Muslims.
https://twitter.com/phphax/status/656276372910927872
On twitter, hackers showed their support for Palestine to be a separate state. And also reflected on the breach in these words: “pretty hype about it”.
https://twitter.com/phphax/status/655899836101828608
https://twitter.com/phphax/status/654090625739005952
https://twitter.com/phphax/status/655059280056422400
CIA spokesman said he was aware of all the reports generating on social media and investigations on all this has already started. FBI has also been added to the investigation.
Amongst the leaked data, the cell numbers posted on twitter went on directly to voice mail and one of the women told the guardian one of the numbers from the list has been sending in calls from last 2 years and she has been rejecting it as the wrong number.
“I always tell people this is the wrong number,” she said. “If you do get in touch with him, could you ask him to update his information?”
The hackers didn’t end up on leaking information that is mentioned above but went beyond and posted some screenshots of financial info which within itself a sensitive piece of information.
https://twitter.com/phphax/status/656152792453795840
https://twitter.com/phphax/status/655004489901035520
This attack builds on the chain of attacks happening in recent weeks. During recent weeks, accounts of data broker Experian, the US government’s Office of Personnel Management, and a hotel chain owned by Donald Trump have been attacked.
With that, Henry Clinton is expected to testify on Thursday regarding her usage of personal email account during her tenure as state’s secretary, in front of congress.
Such a large of a number of account breaches and leakages of sensitive information is calling for the government to come up with a counter plan.
But, Intel’s chief architect believes that weakness is on the side of the owners who are never aware of how vulnerable their accounts are.
“Every single email app out there has the capability to take keys and certificates. Nobody uses them. Nobody. That’s your technology solution. That’s the problem.” He said
Coming to this incident, this would never have happened if Verizon or AOL had notified regarding the password change. But, either of Verizon and AOL doesn’t have this in their systems and this is why the breach easily took place.
One thing is for sure in order to make the internet a better awareness regarding the security of the accounts has to be raised but the problem is each day there are new openings and to counter all of them is nearly impossible.
The Guardian
NY Post
