Details are emerging about the motivations and the methods behind the alleged hack of CIA Director John Brennan’s personal AOL email account, with the supposed hacktivist identifying on Twitter as an advocate for a “free” Palestinian state — and claiming he and others broke in simply by fooling a Verizon agent.
He also praised Allah in his Twitter bio.
Meanwhile, questions are being raised about Brennan potentially having sent work-related emails through his personal account, a move one tech expert called “just plain stupid.” And if any work-related emails were sent containing classified information, it could pose a legal problem similar to the one facing Hillary Clinton.
A law enforcement source confirmed to Fox News Monday that the FBI was looking into claims that Brennan’s personal AOL email was hacked.
Analysts noted the cyber-vandals may have used a tactic known as “social engineering,” and not traditional hacking. The anonymous hacker claiming credit told WIRED that he and two other people, after learning Brennan was a Verizon customer, posed as a Verizon technician to trick another Verizon employee into giving them access to the company’s customer database.
From there, they reportedly were able to access Brennan’s account number, his backup cell phone, the last four digits of his bank card number and his AOL email address. With that information, they were able to call AOL and gain access to the account on Oct. 12, the hacker told WIRED.
The hacktivist’s Twitter account includes links to files he says are Brennan’s contact list, a log of phone calls by then-CIA deputy director Avril Haines, and other documents.
One document purporting to come from Brennan’s AOL email account contains a spreadsheet of people, including senior intelligence officials, along with their Social Security numbers, although the hacker redacted the numbers in the version he posted on Twitter.
The hacker told the New York Post he had also obtained a 47-page version of Brennan’s application for a security clearance, known as an SF86. That document contains detailed information about past jobs, foreign contacts, finances and other sensitive personal details. No such document appears to be posted on the hacker’s Twitter account, but it’s not clear whether the hacker posted it elsewhere.
“His SF86 contains information on references on bosses, on managers, on friends. If that file gets out, it could actually put these people’s lives in danger. Their identity is not supposed to be known by the general public,” Morgan Wright, a cybersecurity expert, told Fox News.
The hacker, whom the New York Post described in an article published Sunday as “a stoner high school student,” appears to have been motivated in part by his support for a Palestinian state.
The hacker told WIRED that when they called Brennan’s cell phone, he asked them what they wanted, to which they replied: “We just want Palestine to be free and for you to stop killing innocent people.”
The supposed hacker’s Twitter page also referenced the Palestinian cause.
In his bio on Twitter, the hacker also posted “La il laha il Allah, Muhammad a rasool Allah” which translates as “There is no god but Allah. Muhammad is the messenger of Allah” – a traditional Islamic statement of faith.
It’s unclear to what extent Brennan may have used the AOL account for work-related business. A CIA spokesman told Fox News they are aware of the claims: “We are aware of the reports that have surfaced on social media and have referred the matter to the appropriate authorities.”
As the matter is under review, the veracity of the hacker’s claims is unclear. But one tech expert told FoxNews.com that the story sounded credible.
“[Hackers] learn the jargon and pose as line workers or switch operators and get access to restricted areas of the network,” Roger Kay, of Endpoint Technologies Associates, told FoxNews.com. “Security at AOL and other networks is reasonable, but weak passwords can always be cracked, and password recovery schemes are typically based on information about people stored from questions like ‘What was the name of your first pet?’”
Kay said that, if the claims are true, the breach shows poor judgment from the man in charge of the nation’s central intelligence.
“The CIA director was just plain stupid to use a common service like AOL for sensitive communications. He really should have known better,” Kay said….