A teen hacker and two other people managed to hack CIA Director John Brennan’s personal email, revealing sensitive information from his email account. The group used various social-engineering techniques to pull information from tech support departments from Verizon and AOL that ultimately led to accessing the personal account of their target.
The hacker, who is reportedly a high school student, told Wired that the first thing the group did was to perform a reverse lookup on Brennan’s phone number. As soon as they discovered he was a Verizon customer, they called Verizon posing as a technician in need of Brennan account details.
“[W]e told them we work for Verizon and we have a customer on scheduled callback,” he told Wired. “The caller told Verizon that he was unable to access Verizon’s customer database on his own because ‘our tools were down.’”
To obtain Brennan’s account number, four-digit PIN, backup mobile number, AOL email address and the last four digits on his bank card, the hackers only needed to provide a unique, but fabricated employee Vcode that Verizon assigns to employees.
The next step involved hacking AOL, with hackers obtaining access to his account on October 12th.
“[A]fter getting that [Verizon] info, we called AOL and said we were locked out of our AOL account,” he said. “They asked security questions like the last 4 on [the bank] card and we got that from Verizon so we told them that and they reset the password.”
Brennan realized he lost access to his account and reset the password three times, but the hackers regained access each time using the same methods.
While they had access to the account, they managed to retrieve sensitive data that Brennan mailed to himself from his work account. Among the attachments was a spreadsheet containing names and Social Security numbers, some of them belonging to U.S. intelligence officials, but also a letter from Senate asking the CIA to stop using torture tactics in interrogations.
Brennan then closed his AOL account on October 16th, after they called Brennan to tell him he’s been hacked. “How much do you really want?” Brennan apparently asked the hackers after they joked they want 2 trillion dollars. “We just want Palestine to be free and for you to stop killing innocent people,” the hackers said.
The same group targeted and breached a Comcast account belonging to Homeland Security Secretary Jeh Johanson.