FYI.

This story is over 5 years old.

Tech

FBI Arrests Two Alleged Members of Group That Hacked the CIA Director

Two young men from North Carolina have been charged with their alleged connection to the hacking group "Crackas With Attitude."
Image: Shutterstock

Two young men from North Carolina have been charged with their alleged connection to the hacking group "Crackas With Attitude." The group gained notoriety when it hacked into the personal email account of CIA Director John Brennan last year and in the following weeks claimed responsibility for hacking the Department of Justice, email accounts of several senior officials, and other US government systems.

Advertisement

Andrew Otto Boggs, 22, who allegedly used the handle Incursio, or IncursioSubter, and Justin Gray Liverman, who is suspected of using the moniker D3f4ult, were arrested on Thursday, according to a press release by the US State's Attorney's Office in the Eastern District of Virginia.

Crackas With Attitude, or CWA, first sprung on the hacking scene when they broke into Brennan's AOL email account in October 2015. The group distinguished itself for openly bragging about their exploits and for making fun of their victims online. After hacking into Brennan's account, one of the members of the group, known as "Cubed," said it was so easy "a 5 year old could do it." After Brennan, the group targeted and hacked the accounts of Director Of National Intelligence James Clapper, a White House official, and others.

Read more: Teen Who Hacked CIA Email Is Back to Prank US Spy Chief

Much of the time, the group would use social engineering to gain access to accounts. In February, one member of the group explained to Motherboard how they broke into a Department of Justice system, by calling up the relevant help desk and pretending to be a new employee. That hack led in the exposure of contact information for 20,000 FBI and 9,000 DHS employees.

The group made heavy use of social media, and in particular Twitter, to spread news of the dumps and mock victims. However, according to the affidavit, Boggs allegedly connected to one of the implicated Twitter accounts (@GenuinelySpooky) from an IP address registered to his father, with whom Boggs lived.

Advertisement

Much the same mistake led to Liverman's identification: an IP address used to access the Twitter handle @_D3F4ULT and another account during the relevant time period was registered to an Edith Liverman. According to the affidavit, publicly available information revealed that Justin Liverman lived with Edith at the time.

The affidavit also includes several sets of Twitter direct messages between members of the group.

"I'm going to help you with 0wning the [U.S. Government Agency affiliated with Victim 1]," Boggs allegedly wrote in one conversation, adding that he would go to a public wifi spot to publish information that the group had obtained. Indeed, much of the conspiracy seems to have happened through Twitter direct messages, which are easy to obtain for law enforcement.

In November 2015, Cracka, the apparent leader of the group, allegedly asked Liverman for his Jabber handle, a free online chat service that is often used for encrypted communications. But Liverman seemingly logged his conversations: according to the affidavit, law enforcement found copies of chats on his hard drive, including one where Liverman encouraged Cracka to publish the social security number of a senior US government official. These logs make up a large chunk of the affidavit, laying out the groups alleged crimes in detail, and investigators found other forensics data on Liverman's computer too.

Liverman also allegedly used a phone number linked to the @_D3F4ULT account to call one of the unnamed victims, and even recorded himself paying for a phone-bombing service to bombard the target's device with calls.

Advertisement

Liverman and Boggs are the latest alleged CWA members to be arrested. Earlier this year, UK police arrested a teenager suspected of being "Cracka," and another 15-year-old suspected of being "Cubed." The real identities of Cracka and Cubed have not been publicized yet.

In the affidavit, the FBI identifies the member's Twitter accounts and aliases.

Liverman and Boggs did not respond to messages sent to their alleged Twitter accounts. The teenager accused of being Cracka declined to comment.

Days after the first arrests, the members of CWA kept threatening with more attacks.

"Just because they managed to arrest two members doesn't mean we'll stop hacking them," IncursioSubter told Motherboard in February, after the arrests of Cracka and Cubed.

The hacker, however, was worried, and said he was expecting to be raided before the end of February. It took longer, but it seems that his concerns were warranted.

After news of the recent arrests came out on Thursday, another member of CWA, known as Zoom, told Motherboard that he was "worried."

"I talked to default at 4 am this morning and now he's apparently been raided," Zoom said in an online chat. "I thought they were gonna leave us alone after they took my stuff. I still haven't gotten my laptop or my externals back."

Zoom claimed to have been raided earlier this year, but said he hasn't been arrested nor charged yet. The hacker also claimed that the FBI got the wrong person arresting Boggs because Incursio was actually a woman.

Advertisement

"Its not like this isn't the first time the FBI has been confused," Zoom said.

Zoom also sent a picture he apparently took, saying: "How I feel about the feds."

Finally, Zoom also sent another defiant message, saying "Cracka isn't a person, cracka is an idea. We are all cracka, we all feel that way deep down. Just look at our country and who we have running for president. America needed CWA, it needed a wake up call."

"The feds will never stop us," he said.

Want more Motherboard in your life? Then sign up for our daily newsletter.

This story has been updated to include the comments from Zoom.