John Brennan, who used an ancient AOL email account, thinks nobody’s emails are safe.
The director of one of the most powerful spy agencies in the world got embarrassed last year when a group of self-proclaimed teenage hackers broke into his email account and then leaked some of his sensitive personal information to the internet.
So what did the CIA chief John Brennan learn from that? Apparently, that if hackers really want to hack your email, they can—but also that people should be wary of the information they share with others.
"There are ways that individuals can get into the personal emails of anybody," Brennan said, during an interview with CBS's 60 Minutes, which aired on Sunday.
Brennan is right in believing nothing is secure on the internet. After all, everyone from toy companies to security companies themselves seem to be getting hacked these days. What he didn't say explicitly is that perhaps one of the most powerful spies in the world shouldn't have kept sensitive stuff in his personal AOL email account, which at this point is probably only good for 1990s romantic comedy characters.
"There are ways that individuals can get into the personal emails of anybody."
It's not just that it's out of fashion, it's that AOL's email isn't very secure. Companies such as Google have long offered the option to add an extra layer of security when logging into your email, called two-factor or two-step authentication. AOL added it only earlier this year, after Brennan's account was hacked. Despite that, Brennan used it to send stuff such as a government form that included his social security number, home address and a long list of family members and people that know him well.
Brennan didn't really elaborate much more on the incident, but he did hint very indirectly that perhaps he shared part of the blame.
When 60 Minutes' Scott Pelley followed up on Brennan's answer by asking him whether privacy was dead, Brennan said that "individuals are liberally giving up their privacy, you know, sometimes wittingly and sometimes unwittingly as they give information to companies or to sales reps or they go out on Facebook or the various social media. They don't realize though that they are then making themselves vulnerable to exploitation."
Sometimes the easiest way to break a technology is to attack the humans behind it.
In other words: sometimes the easiest way to break a technology is to attack the humans behind it. That's what the hackers, who called themselves "Crackas With Attitude," did to hack into Brennan's AOL email account.
At the time, one of hackers said he called Brennan's internet and phone service provider and tricked an employee to give up Brennan's social security number. Then, the hacker allegedly called AOL and got a support representative to reset Brennan's email password, convincing the rep that he was Brennan himself by providing his social security number.
It's unclear whether Brennan gave up on his AOL email account, or deleted it completely. (A CIA spokesperson declined to comment.) At least he learned to be a bit more paranoid about internet security, saying that cyberattacks are what really keep him up at night. Hopefully he learned to be more careful himself.