Home > Web > Yikes — did a teenager really hack the CIA…

Yikes — did a teenager really hack the CIA director’s email?

If the CIA can’t protect itself against a teenage hacker, can we really expect it to protect the United States? If the claims of one under-20 year-old prove to be true, CIA director John Brennan will have been the subject of a rather alarming security meltdown, as the FBI is currently investigating one young man’s allegations that he managed to hack into Brennan’s email. Where’s Jason Bourne when you need him?

The teen hacker, who has not yet been identified, has spoken to a number of sources about his motivation and his methods. In an interview with the New York Post, the self-described “American high school student who is not Muslim and was motivated by opposition to U.S. foreign policy and support for Palestine” reportedly “contacted The Post last week to brag about his exploits, which include posting some of the stolen documents and a portion of Brennan’s contact list on Twitter.”

RelatedCrowdStrike still detecting Chinese hacks, despite landmark U.S.-China deal

Using a process known as “social engineering,” the hacker told Wired that he did not work alone, but rather enlisted the help of two others who first looked up Brennan’s phone number, allowing them to discover he was a Verizon customer. Then, the teen said, they called Verizon to begin the hacking process. “We told them we work for Verizon and we have a customer on scheduled callback,” he reportedly said in his Wired interview. He then told the telecommunications company that he couldn’t access the customer database himself because his “tools were down.”

After inventing an employee code for Verizon, he was able to obtain a frightening amount of Brennan’s personal information, including his account number, his four-digit PIN, his backup mobile number, his AOL email address, and the last four digits of his credit card. All this information proved crucial in the hacker’s next step.

After getting that info, we called AOL and said we were locked out of our AOL account,” he continued. “They asked security questions like the last 4 on [the bank] card and we got that from Verizon so we told them that and they reset the password.”

On October 12, the hackers were allegedly able to access Brennan’s email for the first time, whereupon they gained access to a number of sensitive documents, including, as Wired reports, “a spreadsheet containing names and Social Security numbers — some of them for US intelligence officials — and a letter from the Senate asking the CIA to halt its use of harsh interrogation techniques — that is, its controversial use of torture tactics.”

For four days, the hackers and Brennan wrestled over the AOL account, with the CIA director resetting his password only to find his account re-hacked. “He took back access and we re-jacked it. That happened 3 times,” the teen told Wired.

Ultimately, the hackers allege that they managed to speak to the director on the phone. Using VoIP, they said, “‘‘Hey,…. its CWA.’ He was like ‘What do you want?’ We said ‘2 trillion dollars hahhaa, just joking.’” To this, Brennan allegedly replied, “How much do you really want?”

“We just want Palestine to be free and for you to stop killing innocent people,” the hacker responded.

The CIA have yet to speak to the issue, only releasing a statement that reads, “We are aware of the reports that have surfaced on social media and have referred the matter to the appropriate authorities.” The Department of Homeland Security reiterated the same sentiment, noting, “We don’t discuss the Secretary’s security information. We have forwarded this matter to the appropriate authorities.”