Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Crime Government The Internet

Feds Looking Into Reports CIA Director's Email Was Hacked (nbcnews.com) 100

An anonymous reader writes: The FBI and Secret Service are looking into reports that non-government personal accounts of CIA Director John Brennan and Department of Homeland Security Secretary Jeh Johnson were hacked. NBC reports: "Questions over a possible hacking of a private email account belonging to the CIA director arose late on Sunday after the New York Post published a story in which a hacker claimed to have gained access to the account. Described by the Post as a 'stoner high school student,' the individual claimed to have taken documents that included the Social Security numbers of top intelligence officials, among other information." ComputerWorld's story on the hack describes some of the images published by the hacker as well, poking fun at Brennan: Another screenshot shows Brennan’s wireless phone bill as the hacker taunted the CIA to “step your game up homies, we own everything of you.” One tweet contains a screenshot of suspicious activity logs as Brennan was “trying to get CWA arrested.” Yet another shows a CIA Office of General Counsel fax cover page. Supposedly, Brennan offered the hacker money to “leave him alone.”
This discussion has been archived. No new comments can be posted.

Feds Looking Into Reports CIA Director's Email Was Hacked

Comments Filter:
  • by Anonymous Coward

    you appoint someone like Jeh Johnson, who was a former Democrat fundraiser, for his political connections rather than his ability.

    • by Anonymous Coward

      Why was this voted down? Even his Wiki page says he was a Democrat fundraiser.

      • by unimacs ( 597299 )
        Because maybe when a white dude who had a 25 year career with the CIA gets hacked too, it's not all that relevant.
      • by tnk1 ( 899206 )

        One is a political appointee, the other was an agency executive. The fact is that I expect them to not know shit, people at that level don't know squat about specific security measures for things like email. What I am concerned with is why the numerous experts that the government does have are not running the show on these execs' security.

        I get that a lot of this is personal stuff that was not agency or department related. For instance the clearance application is not a government document as much as it

        • Political appointee does not mean what you think it means. They both are political appointees that serve at the pleasure of the President. While one was appointed based on experience, the other was selected based more on political consideration than experience.
        • by Mr.CRC ( 2330444 )
          They should know not to have any sort of personally identifiable information of any employees other than themselves on a personally owned computer, or a work owned computer lacking an encrypted drive. That is a big no-no. Not nearly as big as having classified outside of where it belongs, but still a thing that if someone does it, they should be seriously demoted. Someone at the level of a director should not be fucking up like this.
  • by Anonymous Coward on Monday October 19, 2015 @03:50PM (#50761353)

    I think the main thing here is .... AOL is still around?

    • It is, though mostly in supply email services (and media/ad network stuff).

      In fact, you can almost date (non-tech industry) people based on their email addresses now. Gmail? Probably 20s-30s. Yahoo? 40s-50s. Aol? 60+.
  • SSNs? (Score:3, Funny)

    by akgooseman ( 632715 ) on Monday October 19, 2015 @03:51PM (#50761363) Homepage
    FFS, why would any person who isn't an idiot email a Social Security number?
    • EQIP is the questionnaire the FIB uses to screen people for clearances. It's quite extensive, and quite invasive. It's the information the government lost in the big breach last year. At any rate, it is entirely possible this idiot mailed the form from work to home to fill it out, and then back again... and it sat on his mail server until the hacker gained access to it. It's been a couple of years since I did mine, but I do believe SSNs are on it, including SSNs of family members and associates.

      • https://www.opm.gov/investigat... [opm.gov]

        The information is quite extensive. That is why the OPM breach is so very bad. I am amazed more people haven't been owned from this breach, but I haven't heard of the information being used at all.

        BTW, EQIP is the online site used to fill it out, the form is the SF86.

        • by KGIII ( 973947 )

          I did some work for the federal government, specifically a military contract (yes, they use traffic modeling too) and, for some bizarre reason the information was considered classified. I do not really pretend to understand why. I can't tell you what the information was but I can tell you that it probably didn't need to be classified - maybe as FOUO, I guess. But we had to work with the data on their equipment and on site. Anyhow, this was about 12 years ago. I've not heard a thing but I worry that my data

          • I understand, I also am quite worried and have heard very little. It is unfortunate, but they are supposedly trying to figure out who was exposed still.

    • by AHuxley ( 892839 )
      In todays digitized, privitized for profit world? It could be as simple as standard gov/mil digital paperwork. A privitized company that keeps one long document that lists mil/gov skills and past work history.
      Its sent back to keep safe as "your copy" or to add to or to correct. No need to make the long trip to some secure US gov building and sit down after showing ID :)
      The main reason is to make the US mil and gov as attractive to contractors as the private sector. The ability to have a digital work h
    • FFS, why would any person who isn't an idiot email a Social Security number?

      I had to last year. Didn't want to, but had to. I was buying a house. I completed most of the mortgage application online via the bank's secure server, including my SSN. But a day before closing the bank told me they needed my signature on some paperwork. The paperwork also had my SSN. The bank's loan office was a hundred mile round trip I didn't have time for, and time was of the essence. So I asked if I could scan and send

      • by Mr.CRC ( 2330444 )
        You may have been able to simply rename the encrypted file .pdf, and it would fly through the filter. Then instruct them to rename it on their end, if need be.
      • by pnutjam ( 523990 )
        You know, you can password protect pdf's. Sallie Mae used to send me password protected PDF's all the time. I use pdfcreator to make them.
    • Why are agency SSN's on John Brennan's AOL account?
      • That one confused me, but I think they found his SF86 in his email, not other people's SSNs

        https://www.opm.gov/investigat... [opm.gov]

        • Since SF 86 is one of the documents used in granting security clearances, I'm fairly certain that a completed SF 86 is a classified document. It should not have been on an unsecured network.
          • SF 86s are not classified. They require special protection because they contain PII, but that's different than classification. You're allowed to work with them on non-classified machines. You're allowed to fill out your own SF 86 on a machine that you personally own.
  • by tripleevenfall ( 1990004 ) on Monday October 19, 2015 @03:51PM (#50761365)

    Why, this is ridiculous. Everyone knows that these personal email servers are secure and aren't a national security risk. Some of our top decision makers have been reassuring us of this all year.

    They wouldn't use these simply to subvert record-keeping laws and hide their activities from freedom of information act requests and the like, now would they?

    • Re: (Score:3, Interesting)

      by khasim ( 1285 )

      The problem is that the ONLY people who can use email this way would have to be 100% certain that no one sending them anything will ever betray them.

      And that gets even more ludicrous when you're talking about a PUBLIC email service.

      Do you think that China and Russia and everyone else does NOT have people working at GMail and Yahoo! and Verizon and so forth?

      If they don't have direct access to the public email servers then I'm sure they have access to the ISP's feeding those email servers.

      ENCRYPTION! Use it.

      • The interesting question would be if you were to PGP sign+encrypt your email in the public record, could you be compelled to disclose the private key?
  • by The-Ixian ( 168184 ) on Monday October 19, 2015 @03:52PM (#50761375)

    That "stoner kid" is about to have the weight of the world land on her shoulders....

    • by zlives ( 2009072 )

      did the hacked acknowledge that they are hacked? i am going to assume this is a hoax until then.

      • yes because everyone who gets hacked fesses up to it
        • by zlives ( 2009072 )

          just because you say you hacked pentagin's gibson, you shouldn't be taken seriously.

          • also true, always be skeptical, but to assume its a hoax "until they fess up" is a stretch
          • Claiming to have hacked into someone's personal AOL account and showing documents however is much more plausible. (This is what is claimed, not that the CIA or HSA was hacked).

    • by Anonymous Coward

      Dude, you're gettin a cell!

    • by tnk1 ( 899206 )

      Apparently pot isn't bad for you, except for some rare side effects where you turn into a moron and hack Homeland Security executives when you don't have a plan to flee to Russia.

      It's Reefer Madness!

    • Although it's illegal and unethical, the CIA is convinced torture works. Brennan should be subjected to it until he reveals all the illegalities in which the CIA has engaged over the past forty years. It's tough, but given that torture works this would provide sufficient information to support the deportation of American war criminals (bye DIck, bye Dubya, bye Condi) to countries in which they can be prosecuted. I'd suggest waterboarding, it's just barely torture, after all.

      I suppose there's a possibilit

    • by rtb61 ( 674572 )

      HEY, if they weren't so fucking naughty, murderously so, they would not be so desperate to keep their fucking secrets. They quite erotically explore our every orifice but when it comes to exposing their truly ugly filthy corrupt slimy secrets all hell breaks lose (apparently for good reason because war crimes courts and they are criminals of the worst order). We all know who the weight of world, the weight of their guilt should fall upon and it ain't a bunch of smart stoners, exposing crimes is not a crime,

  • by Anonymous Coward

    good for the goose good for the gander.

  • Any off-the-shelf service or system is probably quite vulnerable to large-state-sponsored hacking.

    And this includes "generic" gov't servers not designed for storing secrets (such as the one Mrs. H "should have used").

    • Correction, "Mrs. C", not H.

      Also, I believe her office had a separate "special" system for classified messages. This is not the "regular" server for non-classified info. However, the details are classified, for obvious reasons.

      • The State Department has an official Unclassified email system, an official Secret one, and an official Top Secret one. The existence of the three parallel networks isn't itself classified.

        Clinton should have used the appropriate official network to send each message she sent. (Secret emails through the Secret email system and etc.)

        Instead, Clinton used a private system exclusively. That's 100% wrong. Regardless of the protection on the private server, there's NO SUCH THING as a private system approved

  • by Anonymous Coward on Monday October 19, 2015 @03:54PM (#50761399)

    In the Snowden aftermath, why is that everything upper level NSA/CIA/government officials do is not surveilled by the general public and made available to the public?

    After all, if they can do it to us, then the senators who voted for the program and the NSA officials who implemented it ought to be fair game, no?

    People they sit next to in restaurants should secretly record their conversations. Their ISPs should publish their emails. Their nextdoor neighbors should upload video of their houses. Terrorists are everywhere these days, and you can't be too careful. If they have done nothing wrong, than they should have nothing to fear or hide.

    • In the Snowden aftermath, why is that everything upper level NSA/CIA/government officials do is not surveilled by the general public and made available to the public?

      After all, if they can do it to us, then the senators who voted for the program and the NSA officials who implemented it ought to be fair game, no?

      People they sit next to in restaurants should secretly record their conversations. Their ISPs should publish their emails. Their nextdoor neighbors should upload video of their houses. Terrorists are everywhere these days, and you can't be too careful. If they have done nothing wrong, than they should have nothing to fear or hide.

      Perhaps drone strikes on all non gubbermint mail servers are in the future? That's it! All non-gubbermint mail servers are terrorists!

  • by butchersong ( 1222796 ) on Monday October 19, 2015 @04:09PM (#50761497)
    This is a personal email account. It shouldn't matter all that much that it was hacked unless he was using it for the people's business when he shouldn't have been. Well, other than the fact that some stoner kid was able to get leverage and personal info on the CIA director.. but if that is the case then we should assume the russians, chinese etc. already had such access.
    • by bmo ( 77928 )

      Isn't the reason that you are grilled during a security clearance audit/review/interview that they are looking for things you might be vulnerable to when blackmailed?

      Seeing the stuff that Hastert was being blackmailed for, I think this point is extremely cromulent.

      Wouldn't using an insecure email account by such a person be grounds enough to yank that person's clearance if it hasn't been declared? Especially if it has been used for years.

      --
      BMO

      • by Locke2005 ( 849178 ) on Monday October 19, 2015 @04:36PM (#50761671)
        Exactly. My coworker had several security clearances, and every time he went up for a new one he had to sign a confession admitting that he had been busted for possession in the Bahamas because someone handed him a lit joint just before a cop walked up. They're not so much concerned with what you've done, just that it's a matter of public record so that you can't be blackmailed for it. This was the main reasons why "Don't ask, don't tell" was the worst possible policy for security - people that can immediately and irrevocably lose their entire career because of a single incident of homosexual conduct are easy targets for blackmailers!
        • by HiThere ( 15173 )

          Nah...that was a reasonable first step...they just left out the third step, which needed to immediately follow: "don't care".

        • by Anonymous Coward

          . lose their entire career because of a single incident of homosexual conduct are easy targets for blackmailers!

          I'm curious how valid this is these days or in 1990s. Back in the Cold War, no KGB agent will ever approach a homosexual. i.e. you dedicate service to the duties of Communism and train very hard to be effective KGB agent. Associating with a queer will not put you in good standing with your comrades*. Like other things i.e. catching someone with a mistress, they never did that because the person they are trying to blackmail will probably ask for the photos to give to his friends to show how big a stud he is.

      • by tnk1 ( 899206 )

        I don't think they prevent you from using an insecure email account. The email account is simply how you'd transmit evidence of what you can be blackmailed with.

        In any event, you give up some rights, but not all. All they would care about is that you declare to them anything you can be blackmailed with. If you're screwing around behind your wife's back or doing something that makes you look bad, they can bust you for not declaring it to them and decide if you are a risk or not. If they think that you're

        • by bmo ( 77928 )

          I don't think they prevent you from using an insecure email account. The email account is simply how you'd transmit evidence of what you can be blackmailed with.

          I don't think they prevent you from doing it either. I do think that if you have one, that it should be declared that you have one when you do your security audit. If this guy at the CIA had one and didn't declare it then that should be a problem.

          People think nothing of creating an email for "non-official business" (like an affair) and not telling

  • by Hognoxious ( 631665 ) on Monday October 19, 2015 @04:12PM (#50761513) Homepage Journal

    If anyone's hacking the CIA, it's probably the FBI. Assuming that the CIA rate above a milliholmes[1], they're probably aware of this and are counter-hacking the FBI.

    Conclusion: He hactually acked himself, the dozy cunt.

    [1] SI unit of having a clue

    • by labnet ( 457441 )

      If anyone's hacking the CIA, it's probably the FBI.

      If the USA should abolish any three letter agency, it should be the CIA. This crooked agency has only really worked for big business (esp the Bush cabal), over throwing legitimate governments, destabilizing the world and causing millions of deaths in the resulting civil unrest and general hatred for the USA.

  • by Type44Q ( 1233630 ) on Monday October 19, 2015 @04:49PM (#50761727)

    This really reeks of some extremely-poorly-thought-out false flag silliness on the part of the Feds... if the intelligence services themselves are at risk, then surely we need more draconian "security measures" to protect ourselves...

  • Summary doesn't say what "CWA" is.... Chuggers With Attitude? Country Western Airlines?

  • The NSA will have records of this after all

Real Programmers don't eat quiche. They eat Twinkies and Szechwan food.

Working...