The Director of the CIA Hacked, By A High Schooler
November 2, 2015 | DevOps | joanna mastrocola
The personal AOL account of CIA Director John Brennan was recently hacked by a couple of high school students. When we think about the CIA we typically imagine savvy spies and futuristic technologies. The reality, however, seems a lot less impressive after learning that the email security for the CIA is about as impenetrable as our own.
This was not a high tech breach; these were no expert hackers or highly skilled coders. This was just a few kids who got creative and were able to breach the email of one of the most powerful members of the CIA. You would think that government officials, who are privy to sensitive information on a daily basis, would work harder to make sure their data was secure. But this story shouldn’t surprise us, in 2014 783 data breaches were reported, and in those breaches at least 85.61 million records were compromised. However, I think we are still shocked when some of the most powerful people in society get breached, as they have the means and resources to strive for better.
The New York posts reports that according to the hacker, the email account also had information about the government’s use of “harsh interrogation techniques”. It is assumed that the hacker will likely face criminal charges in order to set an example and deter other hackers from trying something similar in the future.
Wired covers the report given by the supposed high school aged hacker of how he carried out the breach. The hacker says he posed as a Verizon worker and had two friends help him. The group also hacked into the Comcast account of Homeland Security Secretary, Jeh Johnson.
This article by Amanda Vicinanzo points out that despite the number of high profile, costly breaches that occur on what seems like a weekly basis, cybersecurity still is not taken very seriously. This attack was less sophisticated than most, the hacker using social engineering to gain access to Mr. Brennan’s personal AOL account.
Brennan argues that he wasn’t being negligent with his personal email. The truth remains, however, that he had highly sensitive information in his email account, including the personal information and social security numbers of the CIA’s top intelligence officials and his confidential 47 page application for security clearance. This alarming lack of accountability and responsibility doesn’t help matters much, as it begs the question, will he be more careful in the future? If he is unwilling to take even some responsibility for the breach why would he bother changing his habits?
There will always be hackers, there will always be bad guys trying to infiltrate our systems. If we are going to hold on to sensitive data we have an obligation to take every possible step to make sure it remains secure.
Want to learn more about securing your secrets, check out our secrets management checklist.