Teen Hackers: A '5-Year-Old' Could Have Hacked into CIA Director's Emails

The hackers explain how they allegedly got into John Brennan’s AOL account.

Hacking into the CIA Director's personal email was apparently child's play, according to the group who claimed the feat on Monday.

The hacker group, which calls itself "Crackas With Attitude" or CWA, said that hacking into John Brennan's email was "not hard at all."

"Like a 5 year old could do it," one of the group's hackers, who called himself "cubed," told Motherboard.

The hacker, who claimed to be a 15-year-old American high school student, said CWA is made up of six hackers. The hacker said he knows one member, "Cracka," from school, while they know the other members from online chats and forums. Cubed said that their intention wasn't to punish Brennan, but to embarrass him.

"He is meant to be leader of some big secure company but has been doxed and hacked by a bunch of high school students," cubed told Motherboard in an encrypted chat.

The hacker did not provide any information that conclusively proves that they really hacked into Brennan's email account. But he pointed to a screenshot that another member of the group tweeted last Thursday.

The screenshot appears to show an email from Brennan's alleged email account. In the alleged email, Brennan tells someone with a CIA email address about suspicious activity within his AOL account, and sends a list of logins from various locations and IP addresses around the world, presumably the hackers logging into the account.

An AOL spokesperson declined to disclose whether Brennan's alleged address indeed belongs to him, citing the company's privacy policy.

Cubed also explained how they got into Brennan's AOL email account. First, cubed said they identified Brennan's ISP as Verizon, and called the company, "pretending to be the live chat department" and claiming to have a problem with the customer lookup tools. That's how they got access to his social security number, which they then used to pretend they were Brennan when they called AOL asking to reset the password on the account.

"It was basically just a walk through," Cubed said. "We just said we were John and then asked for a password reset and they asked us his last four on his social security number or a security question."

On Monday, the hackers posted an alleged list of US intelligence employees, including Brennan, showing their email addresses, SSNs, and phone numbers.

The hackers also gave Motherboard another number, claiming it belonged to Brennan. When we called, however, nobody answered, and there was a voicemail recorded by a woman. Cubed later said that was Brennan's wife, Kathy.

The hacker said they were able to talk to Brennan over the phone by calling that number.

"He was scared," Cubed said. "But was trying not to show fear."

The hacker claims Brennan even offered to pay them, but the hackers asked for "5 trillion dollars" and then "laughed at him" and told him to "stop bombing and #freepalestine."

Cubed also provided Motherboard with three emails he claimed belong to Brennan. One of them, according to online records, is associated with a website for a children's student center, which appears to belong, or have belonged, to Kathy Brennan.

The hacker also shared a home address in the town of Herndon, VA. Motherboard wasn't able to verify that this is indeed Brennan's home, but Brennan and his wife Kathy reportedly live in Herndon. In 2013, activists organized a vigil to protest the US drone program in front of Brennan's house. The activists listed a very similar address on the vigil's Facebook event page. This address also appears on Cryptome, a website that publishes leaked documents, which suggests the hackers could have collated publicly available information.

The hackers, however, refused to provide any screenshots or any evidence that proves they really hacked Brennan's account, and said they don't have access to his account anymore. So the hackers' claims, while plausible, should be taken with a grain of salt.