In an annual conference held at the George Washington University, CIA Director John Brennan shared his thoughts on his personal AOL email account being hacked earlier in October 2015. The hacker goes by the online name “cracka,” and claims to be 13 years old. He did not work alone.
The CIA declined to comment on the hack until the “Ethos and Profession of Intelligence” conference in late October. The director has said he is “outraged” and “dismayed” at the event.
The hacker revealed numerous emails, contacts, and documents, including an application for top-security clearance, on the director’s AOL account. The hacker sent those documents over to WikiLeaks because he claims that the feds kept deleting the documents before they could be widely disseminated.
Part of the leak included Brennan’s wife’s social security number. Brennan places some of the blame on how the media handled the leaks. He says that the implications made by the media, suggesting that he was failing in his responsibilities as Director of the CIA, are incorrect and damaging.
The hack was a result of social engineering. The hackers looked up Brennan’s personal phone number and found that it was registered under Verizon Wireless. The hackers posed as a Verizon Wireless employee and asked another employee over the phone for Brennan’s personal information. They claimed they could not look up the information themselves because of technical errors. The hackers provided the real employee with a fabricated employee ID and received key pieces of personal information including the account number, the last four digits of his credit card, his PIN number, and the AOL email address, among other pieces of personal information.
The hackers used this information to hack into Brennan’s personal account that contained documents dating to 2009. Brennan reportedly managed to reset his password three times, losing access to the account each time. AOL managed to shutdown access to the account a few days after the hack occurred.