On Sunday, The New York Post reported that a teen hacker claimed to have gained access to CIA director John Brennan’s personal email account.
The hacker and his group posted documents online, including a list of email addresses allegedly from Brennan’s contact file. They also said they’d obtained other documents, like a letter from the Senate asking the CIA to stop its use of “harsh interrogation techniques” (basically, torture), and a spreadsheet of the names and social security numbers of some US intelligence officials, according to Wired.
But more surprising than the documents is just how easy it was for the hacker — whom the Post described as “a stoner high school student” — to carry out the feat.
The hacker described his process to Wired, and it’s essentially just a few simple steps of social engineering.
Here’s how he hacked the head of the CIA, according to Wired:
- He did a reverse lookup of Brennan’s phone number, which told him Brennan had Verizon.
- He (or one of his team) pretended to be a Verizon technician, and called Verizon asking for details about Brennan’s account because “our tools were down.”
- Verizon asked for his “Vcode,” a code that Verizon assigns each of its employees, and the hacker gave them a fake one.
- Verizon then gave him the following information: Brennan’s “four-digit PIN, the backup mobile number on the account, Brennan’s AOL email address, and the last four digits on his bank card.”
- He then called AOL, posing as Brennan, and said he was locked out of his email account.
- AOL asked him a series of security questions, such as the last four digits of the bank card. He answered the questions with information he’d gotten from Verizon.
- AOL then reset the password for him.
And just like that, he had access to Brennan’s AOL email account. Since Brennan had forwarded emails from his government work address, it was a simple matter of sifting through them to find various government documents.
After the initial attack, the hacker fought with Brennan over control of the account in a game of “password reset,” and eventually ended up speaking with the CIA director on the phone.
When discussing potential payment, the hacker claims Brennan said, “How much do you really want?”
The hacker replied, “We just want Palestine to be free and for you to stop killing innocent people,” according to Wired.