CIA director was sending sensitive docs to his AOL email

Oct 20, 2015 07:33 GMT

John Brennan woke up on October 18 to a New York Post headline reporting that an unknown teen hacker had managed to compromise his personal AOL email account, steal important documents, and then leak them on Twitter.

The hacker (@phphax on Twitter) says he managed to break into Brennan's AOL email account after he and two friends posed as Verizon employees and then tricked another employee into revealing personal details for Brennan's account.

This included Brennan’s Verizon account number, 4-digit PIN code, secondary phone number, AOL email address, and the last four digits of his bank account number.

They then used this information to reset the password for Brennan's AOL email account, from which they managed to steal sensitive government information. It was attached to emails that the CIA director had sent to his personal address from his White House-issued mail account.

Hackers stole over 40 emails with sensitive information

The hack took place on October 12, and the hackers found over 40 emails containing sensitive information, which they slowly started leaking on Twitter and on anonymous text-hosting websites over the following days.

Twitter took down the tweets immediately, and AOL deactivated Brennan's email account on Friday, October 16. After the tweets were taken down, the hacker also claims to have sent some of the documents to one of Anonymous' Twitter accounts.

The hacker had access to Brennan's email account for three days. Brennan possibly detected the intrusion and reset his password three times, but the attacker re-accessed the account every time.

Hackers personally called Brennan to inform him of the hack

During this time, the hackers called Brennan to inform him his account was hijacked and jokingly asked for two trillion dollars. After this incident, the AOL account was taken down.

The sensitive information found in Brennan's AOL account includes: documents Brennan filled out to get security clearance for the CIA's applications and projects, records on some CIA employees, and phone call logs from July 20 to October 12 with Avril Haines, the White House's Deputy National Security Advisor and former CIA Deputy Director.

The hacker gave several interviews to major US news outlets and even said that, at one point, during August, he prank-called CIA headquarters, managing to get in contact with Brennan himself, reciting Brennan's SSN (Social Security Number) and then hanging up.

The hacker is a US high school student

In the same interviews, the hacker said he is a US citizen, not Muslim, but carried out the attacks because he opposes the US' aggressive foreign policy.

The unnamed hacker also claims to have hacked US Homeland Security Secretary Jeh Johnson. In this case, the hacker was allegedly able to access Johnson's Comcast account and listen to his voicemail. He also posted billing information from Johnson's account on Twitter, but that account is now suspended.

As you'd expect, the CIA, FBI, Secret Service, and any other US law enforcement agency under the sun are investigating this case.

"In today’s environment of advanced and targeted threats, it is imperative to assume that data breaches will happen, and proactively take steps to protect sensitive documents inside and outside an organization," said data leakage prevention expert, Scott Gordon, COO of FinalCode, a file security company. "File encryption, usage controls and gateway content filtering would allow the CIA, as an example, to discover the data exfiltration. Really, with all of the layers of security that can be put to bear, it behooves all organizations to take preventative measures in order to protect files."