Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Crime Government Security United Kingdom United States Verizon

Arrests Made After Group Hacks CIA Director's AOL Account (washingtonpost.com) 107

Slashdot reader FullBandwidth writes: U.S. authorities have arrested two North Carolina men accused of hacking into the private email accounts of high-ranking U.S. intelligence officials. [The men] will be extradited next week to Alexandria, where federal prosecutors for the Eastern District of Virginia have spent months building a case against a group that calls itself Crackas With Attitude... Authorities say the group included three teenage boys being investigated in the United Kingdom.
The group used social engineering to access the email accounts of John Brennan, the director of the CIA, as well as the Director of National Intelligence, and former FBI deputy director Mark Giuliano, according to the article. One exploit involved "posing as a Verizon technician and tricking the company's tech-support unit into revealing the CIA director's account number, password and other details." An FBI affidavit alleges that a British teenager named "Cracka" also began forwarding the calls of a former FBI deputy director "to a number associated with the Free Palestine Movement," while "D3F4ULT" paid for a campaign of harassing phone calls. In addition, "According to the affidavit, Cracka appears to have gotten into the law enforcement database simply by calling an FBI help desk and asking for Giuliano's password to be reset..."

"One member told CNN [In a video interview] that he smoked marijuana 'all day every day' and was 'probably' high when gaining access to high-level accounts."
This discussion has been archived. No new comments can be posted.

Arrests Made After Group Hacks CIA Director's AOL Account

Comments Filter:
  • by Anonymous Coward

    To divert attention away from Russia?

  • Not sure (Score:5, Interesting)

    by Anonymous Coward on Saturday September 10, 2016 @06:57PM (#52864085)

    What's more concerning... That the director of the CIA had his account hacked, or that he has an AOL account.

    • by tepples ( 727027 )

      Last time I checked, AOL Instant Messenger needed a AOL account, at least one on the free tier. Or has everybody switched from AIM to Skype?

      • Last time I checked, AOL Instant Messenger needed a AOL account, at least one on the free tier. Or has everybody switched from AIM to Skype?

        Yes, everyone left AIM years ago, for Skype and others.

      • Re:Not sure (Score:5, Informative)

        by ShaunC ( 203807 ) on Saturday September 10, 2016 @09:40PM (#52864541)

        Last time I checked, AOL Instant Messenger needed a AOL account, at least one on the free tier.

        I still have both, but I haven't paid for AOL in 20 years. There are a lot of AIM users who never had an AOL account. Registration at aim.com was free for a long time (maybe it still is?) and I talk to a lot of people via AIM who were never AOL users. Despite the ridicule, AIM/Oscar via the Pidgin client with the OTR plugin remains a relatively secure method of communication.

        As for Skype, fuck that entirely, it's been compromised forever. If I want to holler at the NSA, I'll just yell into any phone and hope for the worst.

        • by tepples ( 727027 )

          Registration at aim.com was free for a long time (maybe it still is?) and I talk to a lot of people via AIM who were never AOL users

          That's what I meant by a "free tier AOL account", because you can log in at AOL.com with your AIM credentials.

    • by Anonymous Coward on Saturday September 10, 2016 @08:33PM (#52864347)

      The news tomorrow should be, 'CIA Director steps down after shameful discovery of using AOL accounts.'

    • Upon reading this summary, my immediate thought was, "Which is worst, that some high-ranking intelligence officials got hacked, the fact that it was so easy that kids did it without having to do any real hacking, that these high-ranking intelligence officials use AOL, or that ANYONE still uses AOL?" This makes Hillary's former IT under-achievers look like actual professionals. I think we now need to investigate whether these morons were using AOL for sensitive communications that should only go through secu
    • Most of my tech friends have gmail accounts, many of them from the days when they were hard to get and almost considered a status symbol. But why is Google's data mining preferable to AOL's or any other? I know that AOL has long been derided as being associated with grandmothers and "free" AOL disks, but their basic email is free now.

      Non-tech family and friends tend to have <cable-company>.com email addresses, more or less locking them into a specific cable provider.

      As for myself, I chose an I

    • Caught that too. Incompetent buffoons.
      They likely have CRT monitors to boot.

      • Caught that too. Incompetent buffoons.
        They likely have CRT monitors to boot.

        What's with the CRT-hate?

        I'll have you know my SGI 061-0025-001(Sony GDM4011P) 20" 1900x1280 monitor looks *great* running on my SGI Octane!

        Strat

    • What's more concerning... That the director of the CIA had his account hacked, or that he has an AOL account.

      It's called a honeypot, and they took some skells off the board.

    • by TiggertheMad ( 556308 ) on Sunday September 11, 2016 @02:55AM (#52865083) Journal
      I said the same thing at first, but if you think about it, its brilliant. When the KGB tries to hack into his personal account, they see it is an AOL account and say, 'Neyt comrade, you are mistakekink. Thees coold not be direcktors account, only retarded child use AOL account. Must be, how you say, hunny pit? Ve keep lookikink elsever.'

      These CIA guys, always throwing fucking curve balls. They are like, Inception deep.....
    • Re:Not sure (Score:5, Interesting)

      by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Sunday September 11, 2016 @03:16AM (#52865113) Homepage

      What's more concerning... That the director of the CIA had his account hacked, or that he has an AOL account.

      What really is concerning is that tech support knew ''Brennan’s account number, password and other details''. Who stores passwords in clear these days ? The only safe storage is a one way hash or something. This is vague as to exactly which tech support was tricked and which account details were revealed, but who in tech support would tell anyone someone's password ?

      • by guises ( 2423402 )

        but who in tech support would tell anyone someone's password ?

        Someone they hired after they fired all of the competent people following the Snowden leaks?

        • AOL fired people? I wasn't aware that AOL had a recent downsizing in their tech support department.

      • Who stores passwords in clear these days ?

        You've apparently never worked on a project for a government agency.

        They're typically a combination of right-up-to-date (on things which you can just spend money on and it shows up, like a brand new laptop and monitor every year) and 20-30+ years behind (on things which require actual policy/best practices/technology knowledge).

        It doesn't shock me at all that the FBI help desk is as described [washingtonpost.com]. I'm a little more familiar with the IRS. In 1991 they were spending $8 Bi [baltimoresun.com]

        • When did AOL become a government agency?

          • I know it's too much to read the articles, but try to keep up with at least the summary and the thread you're replying to.

            We were discussing this line: "According to the affidavit, Cracka appears to have gotten into the law enforcement database simply by calling an FBI help desk and asking for Giuliano's password to be reset..."

            I'm pretty sure AOL doesn't provide the FBI help desk staff, nor manage authentication for their law enforcement databases....

            • Perhaps you should keep up with the thread?

              'Brennan’s account number, password and other details''

              that is what was responded to, this was AOL, not the FBI that had unencrypted passwords. The FBI needed to reset the password because they don't have unencrypted passwords.

    • by Greyfox ( 87712 )
      HEY! He got 20 HOURS of free dialup with that CD that came in the mail!
  • Missing the point (Score:5, Interesting)

    by pdclarry ( 175918 ) on Saturday September 10, 2016 @06:58PM (#52864091)

    While it is always worthwhile to prosecute the hacker, the real question is how is it possible that the Director of the CIA was hacked? Massive incompetence in the CIA is the only possible explanation.

    • by fl_litig8r ( 904972 ) on Saturday September 10, 2016 @07:01PM (#52864113)
      This was his private e-mail, not his CIA e-mail.
      • When you get to the CIA doing anything on a public web host for email is wrong. You need to be running a private server.

        Republicans are grilling Hillary for using an private server both home and work. This guy needs to be executed for treason for using aol at all.

    • by Okian Warrior ( 537106 ) on Saturday September 10, 2016 @07:07PM (#52864131) Homepage Journal

      While it is always worthwhile to prosecute the hacker, the real question is how is it possible that the Director of the CIA was hacked? Massive incompetence in the CIA is the only possible explanation.

      This came up and was discussed on Schneier's security blog.

      In this instance the CIA director did nothing wrong. He had a strong password, didn't let it out, and had no sensitive information on this particular personal account.

      The hackers convinced AOL to to do everything on behalf of Brennan, without his knowledge or consent. All the security "best practices" in the world won't help if you can convince someone at the ISP to let you in.

      To his credit, Brennan used this account for personal purposes, and apparently there was absolutely nothing of a sensitive nature there.

      • by Anonymous Coward

        Ahem, he did nothing wrong at all... OTHER THAN CHOOSE TO USE AOL... dumbass is as dumbass does. Although it was a personal account so who gives a shit so why are these people being prosecuted exactly? How about prosecute the AOL morons that let this happen.

      • by Luthair ( 847766 )
        Why would a high value target use a commodity grade email service?
      • All the security "best practices" in the world won't help if you can convince someone at the ISP to let you in.

        I can't help but feel as though you're missing the joke, hence I quoted the relevant part.

    • by AHuxley ( 892839 )
      Re 'Massive incompetence in the CIA is the only possible explanation."
      Kept it safe from the NSA, GCHQ, MI6, other parts of the CIA or other agencies... or just decades of later FOIA requests.
      The point is not to have anything thats interesting to your own staff, rogue staff, long term spies, 5 eye nations, the NSA, ex staff, former staff who might be looking or have sold/given/been of the same faith/cult and liked to give details to other govs, mils...
      The selection of a mainstream US brand is so unexpecte
  • by Anonymous Coward

    [The men] will be extradited next week to Alexandria.

    Holy crap, why are they sending them to Egypt?

  • by fl_litig8r ( 904972 ) on Saturday September 10, 2016 @06:59PM (#52864101)

    I used to think that the only reason someone would want their own e-mail server would be to try to erase a central record of sent e-mails should the need arise, but after reading this summary I see that there is merit in not entrusting a third party's low level tech support person with the ability to either read or reset your password.

    In other news, Verizon knows its users' passwords? Let me guess -- they're stored in plaintext.

  • by Anonymous Coward

    Posing as a technician to get passwords - what?

    Law enforcement database for managing private e-mail accounts - what?

    I mean this shit could all just be made up to cover up the more embarrassing things they actually did, because if security were so lax as this story claims, every hostile nation would have pretty much everything on all high ranking intelligence officials.

    • > every hostile nation would have pretty much everything on all high ranking intelligence officials.

      Would it be worth it to China to spend a million dollars trying all sorts of ways to get into the President's email, or the secretary of state? Of course it would. If the

    • I accidentally hit submit before I was done writing.

      > every hostile nation would have pretty much everything on all high ranking intelligence officials.

      Would it be worth it to China to spend a million dollars trying all sorts of ways to get into the President's email, or the secretary of state? Of course it would. If they tried hundreds or even thousands of different hacks, would they eventually get lucky? Sure, probably.

      Therefore they probably have tried thousands of times, and eventually been succes

  • by Crashmarik ( 635988 ) on Saturday September 10, 2016 @07:05PM (#52864129)

    Has an AOL account ?

    Come on what does he use for personal information ? Myspace ?

    • by Tablizer ( 95088 )

      Hey, AOL is for serious work. Shut up!
        - Colin P.

    • by Anonymous Coward

      1996 called? Did you warn them?!!

  • Has an AOL account? Jeeze, that just about says it all doesn't it?

  • This sounds suspiciously like part of the story in Hackers.
  • For a government official to use an AOL account for anything should be a criminal offense.

  • It's right up there on top. The sentence with "cia director" and "aol account". That's impossible.

  • I work at a large finnish ISP. We employ a very simple method to avoid problems with impostors trying to reset account passwords and the like, we do not, under any circumstances, reset the password on the customer's behalf. The customer has to do it him/herself. In theory, we are not forbidden from resetting a password, but we are (under penalty of immediate termination) forbidden from giving up the new password to anyone via any form of communication. The customer has to do the resetting him/herself via th

  • Comment removed based on user account deletion
  • The group used social engineering to access the email accounts of John Brennan, the director of the CIA, as well as the Director of National Intelligence, and former FBI deputy director Mark Giuliano, according to the article. One exploit involved "posing as a Verizon technician and tricking the company's tech-support unit into revealing the CIA director's account number, password and other details.

    That IT department (in CIA/FBI) should be fired. Everyone knows that there is no reason for Verizon to ask for

You know you've landed gear-up when it takes full power to taxi.

Working...