 |
| CIA Director, John Brennan, who had his AOL email account hacked by group of teenagers |
The email of the director of America's, arguably, most important intelligence agency has been hacked by a thirteen year old.
Two other teenagers worked with the thirteen year old to form a group called "Crackas With Attitude." As a group, the three worked together to hack into John Brennan's AOL email account.
The damages are just as bad as the situation sounds like. More than 2,500 email and instant message addresses of other high-ranking government executives were yielded along with the director's email account. Other very important information, like Brennan's 47-page application for top-secret security clearance and the Social Security numbers and other personal information of numerous other top CIA officials were seized by the teenagers, as well.
To go beyond the scopes of hacking into Brennan's email, the hackers further embarrass the CIA by contacting the media, telling how he managed to hack the email and demanding the CIA director to stop killing innocent people in Palestine and free them.
The hackers who call themselves as "Crackas With Attitude", or simply "Crackas", weren't satisfied with just the hacking of an email. The teenagers who are still not caught nor identified actually had series of phone conversations with the New York Post, where they described how exactly they managed to hack the director's email and what their purpose was in their action.
The hackers referred to their tactics of hacking the email as "social engineering", in which they tricked the Verizon workers into giving Brennan's personal data, which the hackers were able to use to trick AOL into resetting the password of Brennan's email.
 |
| WikiLeaks twitting that they have received and will soon release hacked information obtained by the CWA. |
Once they got a hold of information from Brennan's email account, they posted them on their Twitter account, @phphax, which has now disappeared, and other sources of media, such as WikiLeaks, who promise to release them.
According to WIRED, The hackers also constantly contacted Brennan, resulting in his deletion of his account altogether. The hackers referred this communication process with Brennan, "a prolonged cat-and-mouse game with the CIA director."
 |
| One of the tweets that the CWA tweeted before the account was deleted |
Brennan should not be criticized so hard, as the cybersecurity of the entire government proves to be pretty weak with the Chinese cyber-attack on the OPM earlier this year.
Some people are wondering why Brennan did not just use an email protected by the government cybersecurity. The answer is pretty obvious -- it's not proven to be a stronger protection than the typical email services like AOL, Gmail, Yahoo! mail, and more. In fact, some people actually suggest that it may just be more vulnerable than those popular email services.
New York Times explains that the reason why the government is so vulnerable to cyber-attacks. One obvious reason is the nature of the Internet, which was built for openness and speed. It wasn't built for 'security'. It's very hard to defend and exclude things in an environment that was initially created for accessibility. The other reason is that for the government, being an old, huge, bureaucratic organization it is, it is especially difficult to change readily to defend effectively against the quick, new methods of cyber-attacks.
The organization concludes that you simply cannot protect yourself completely on the Internet. It suggests that the best way to deal with cyber-attacks is to take steps that makes the hacking job harder for the criminals, most notably by changing your password frequently.
The conclusion of the New York Times is supported with the hacking of the OPM, or the Office of Personnel Management, earlier this year by the Chinese. OPM is a government agency that manages the civil service of the federal government by "recruiting, retaining and honoring a world-class force to serve the American people."
The OPM stored many personal information of the US governmental staff, including ID and security clearance information, Social security numbers, names, addresses, financial data, and even biometric data, including fingerprints.
Considered as the largest breaches of government data in the history of the United States, the breach, believed to have started by the Chinese in March of 2014, was only noticed by the OPM in April 2015. The number of Americans who had their information stolen that was first thought to be 1.1 million then increased to 4 million in June 2015, went up to 21.5 million.
There are no guarantees that a government system that failed to protect very private information of millions of government employees to be able to protect an email of a single person.
Brennan cannot be blamed for not utilizing such faulted system, especially at the cost of relative inconvenience and slower speed.
Cyber-attacks has increased in numbers and severity mostly due to the increase in Hacktivism, or the use of computers and computer networks to promote political ends, chiefly free speech, human rights, and information ethics. It now constitutes half of all major motivations behind cyber attacks.
In response to such phenomenon, the government needs to improve its cybersecurity so that government cyber-attacks like the Chinese attack on OPM can be prevented and that the employees can trust on its cyber protection and use its features.
Until then, the government will constantly suffer from data breaching and other types of serious cyber-attacks that can seriously threaten, not only the government, but also, "We, the people."
First of all, I would like to point out that your post is very well-written. It is clear that you have done your research and the overall post is very informative and it flows well—great job!
ReplyDeleteSecond of all, my initial reaction to this news was shocked but, as I continued reading my shock quickly turned into an “of course this happened” mindset because as you mentioned in your post, even though we would think that such an important government official would be protected from hackers (especially because of the nature of his work), if hackers were able to obtain the information of 21.5 million Americans during the hacking of OPM, what would stop them from hacking one government official, right?
One particular piece of information in your blog post is very intriguing to me and that is that fact that these hackers were able to “trick” Verizon and obtain Brennan’s personal information and then they used that to get into AOL. What I am the most curious about though is how those workers will be dealt with. Can they be blamed for thinking that Brennan was not the actual person asking for the information? I wonder if companies likes Verizon and AOL will implement even more security measures to prevent these incidents from happening.
Furthermore, you pointed out that one reason why government officials like Brennan would not want to use the email protected by the government’s cybersecurity is because it is inconvenient and slower. This also makes me wonder if the government will work to improve their internal cybersecurity system so that there is more of an incentive for officials to use it.
Lastly, I think that while invading someone’s privacy by hacking into their accounts for any reason is unacceptable, the reasoning behind this hack is important. Your pie chart highlights the major motivations behind cyber attacks but, the particular reasoning behind this hacking incident does not seem to fit into any of the categories pointed out. It is crazy to think that 13-year-olds would have the motivation to risk so much in order to draw attention to what’s happening in Palestine and call for a change, but in a way I think it’s a little admirable. It just goes to show how Again, I do not support hacking and I think that there are other ways to draw attention to causes like this one but, by hacking into Brennan’s email, they most definitely got the attention they wanted.