Teen Hacks US Intelligence Chief's Personal Accounts

An anonymous reader writes: The U.S. Director of National Intelligence, James Clapper, has now joined the CIA's John Brennan in having his personal online accounts hacked. A teenage hacker known as 'Cracka' has claimed responsibility for the hack, reporting that he had infiltrated Clapper's home telephone, online accounts and his personal email, as well as his wife's Yahoo account. Cracka had managed to change the settings on Clapper's Verizon Fios account so that any calls to his home number were redirected to the Free Palestine Movement group in California.

On the one hand ...

[gstoddart]

On one hand, kudos for being ballsy and doing this.

On the other hand, if you go messing around with the Director of National Intelligence ... well, you should expect some pretty heavy consequences.

And I'm sure they'll find all sorts of trumped up charges to make your life miserable.

Re:

[Shoten]

On one hand, kudos for being ballsy and doing this.

On the other hand, if you go messing around with the Director of National Intelligence ... well, you should expect some pretty heavy consequences.

And I'm sure they'll find all sorts of trumped up charges to make your life miserable.

Yeah, no kidding...

"I R SO L33T! I GOT TEH CIA MAD AT ME!"

Yeah, he's a real fucking genius.

Re:

[Thanshin]

And I'm sure they'll find all sorts of trumped up charges to make your life miserable.

Where the trumped charge could be "victim of a hit and run" and "miserable" could mean "short".

Re:

[Anonymous Coward]

Ts ts, slashdotters and their totalitarian fantasies...

Re: On the one hand ...

[tysonedwards]

Is it a trumped up charge to compromise the security of a third party's computer systems, let alone update billing records, let alone causing increased realized financial expense to said party? Even if they strictly followed the letter of the law, wire fraud and illegitimate use of a computer system, if not felony hacking.

Re: On the one hand ...

[gstoddart]

"Cracka" is a cracker not a hacker. Hackers do not engage in malicious activity but explore systems to learn about them.

BULLSHIT!

You kids who have retroactively decided to re-define hacker and cracker are so full of shit it isn't funny.

Historically there is no such distinction, and "hacker" was the only word for about three decades or so. A hacker may or may not have done anything malicious. Cracker is a word which came along much later. In fact, it came along in the late 90s and suddenly people started claiming there was a semantic distinction.

For anybody who was around before that, there simply is no distinction, and claiming it has always been so is a lie.

"l337 h4x0rs" were who hacked your system, no matter if they just looked around, or burned it to the ground.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Gr8Apes]

For anybody who was around before that, there simply is no distinction, and claiming it has always been so is a lie.

When I was browsing dial up BBSes back 1994, I remember the distinction being made, so this has been going on for a long time.

Out of curiousity, how far ago (like what year, minimum) does the distinction need to be to not be considered a retroactive decision to re-define hacker?

I second this, recalling around the time of the early 90s when malicious activity was stated as people cracking software, and crackers, while hackers were people that built things.

Re:

[thegarbz]

That was only a subset of malicious activity. Cracking software had a very specific meaning back then too, and that didn't involve breaking into someone's email account or getting a virus on a computer and deleting the MBR off the boot drive. In fact when I think back to the 90s I've always remembered "hackers" to be the ones who infiltrated, and "crackers" to be the type to modify software for reasons only considered malicious by the publisher.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[thegarbz]

Well time only started 1st Jan 1970 at 00:00:00 so let's go with that :-)

Re:

[Gr8Apes]

There were no firewalls. There was no DCMA and several sites had no passwords. No such thing as a computer virus. You could connect to government servers, schools and various businesses.

I can attest that there were no firewalls on some surprising networks as late as 1998, where entire organizations computers were directly connected to the internet, no firewalls, and in some cases no security at all.

Re:

[thoromyr]

so... you agree with gstoddart that the term and distinction occurred in the 90s? You do realize that your "1994" data point does not disagree with his assertion?

BTW: life existed before you were born, people (including your parents) had sex. Yes, it was a new discovery for them too. Every generation thinks it is unique, special, and the first to discover everything. Honestly, since you seem to have been self aware twenty years ago I'm a little surprised you haven't figured this all out yet.

No, bringing in

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[ganjadude]

agreed, 94 was around the first time i heard cracker as a more precise use.

hackers were sick of being called bad guys so they dubbed bad hackers crackers

Re:

[Anne Thwacks]

You are the one full of shit. Hacker/hack is a term that originally meant what it still does in the phrase "people who do the hack work". It has always meant people with the knowledge of how things really work, whether in computing, the press, or anywhere else.

Now get off my lawn.

Re:

[h4ck7h3p14n37]

Cracker is a word which came along much later. In fact, it came along in the late 90s and suddenly people started claiming there was a semantic distinction.

The 90's?! Try the 80's, maybe even earlier.

A cracker was someone who defeated software copy protection. You'd get cracked games on floppy disks and they'd typically have something added to the startup screen saying "Cracked by CaptainKidd".

Re:

[gstoddart]

Sure, you cracked licenses but you hacked into systems.

Re: On the one hand ...

[kevmeister]

As someone who WAS there, working with the security community dealing with the Morris work in 1988 and the WANK worm shortly after and as the author of the first detailed analysis of WANK (Worms Against Nuclear Killers) while at Lawrence Livermore National Laboratory, I was there when the term "cracker" was born. I can credit folks like Russell Brand (not THAT Russell Brand) with the creation of the term.

This was before the commercial Internet, before TCP/IP, and in a day when no one thought twice about having an open "guest" account on a system because computer security was not an issue. People who played around with computer code and modified system kernels, as opposed to those designing or writing them, were referred to as "hackers". We were professionals who did custom modifications to software and wrote tools to analyze them. At the time I had licensed access to the source code for a variety of systems of that day including AT&T Unix, RSX-11M, IAS, and VMS. Things like custom system calls, an un-delete command, code to allow a co-processor (FPS AP-120B) to directly access a computer's file system. These were what I was paid to do and I, like many I worked with.I called myself a hacker. I hacked code.

When the first transmittable worms, viruses, and trojans appeared, the people who wrote them were also "hackers", but those of us who hacked code legitimately didn't much care to be lumped in with the bad guys, so the term "cracker" was devised. It never really caught on. To most people, hackers are bad guys. It's unfortunate, but the horse has left the barn, and is now dead and continues to be beaten to a rotten pulp.

To this day, in the developer community the term "hacker" retains its original meaning, It's someone who hacks code, often to fix or work around limitations or bugs or to add new functionality. They still hold "hackathons" to work as a group on resolving very complex issues in open source projects and understand what "hacker" means in that context and just live with the fact that the general public has a slightly different idea of whet the word means.

Re:

[topologist]

+1 (no mod points). As cogent and informative a summary of the "hacker/cracker" distinction as I've ever seen. The jargon file http://www.catb.org/jargon/htm... [catb.org] dates it to the early '80s:

One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker (q.v., sense 8). An earlier attempt to establish worm in this sense around 1981--82 on Usenet was largely a failure.

which would seem earlier than the parent's recollection, but it had probably been floating around in the collective engineering unconsciousness for some time. Of course, the etymology can probably be traced back to non-electronic crime, such as burglary (safe cracking/safe crackers).

Re:

[thoromyr]

By old usage, "cracking" was about breaking copy protection. In the 80s I can only recall it being used to refer game piracy. I don't recall the term "hacker" being used for game piracy at all. The terms "crack" and "cracker" are still primarily applied to game piracy.

Of course, breaking into someone's accounts is not the same as pirating a game. Attempts to retroactively define "evil hacker" as "cracker" are just that, retroactive. And not particularly successful. Yeah, someone who likes to "hack" might al

Re:

[Toshito]

And a cracker not only removed protections, but often had to also port the games to NTSC since a lot of games and demos in the 80's where not imported to the US/Canada and those were in PAL.

Porting usually meant optimizing the game to fit in the NTSC timing which was shorter than PAL (less scan lines, so less time to execute code before next screen).

And I remember that in those times Hacker meant someone trying to penetrate computers/networks, Cracker meant someone bypassing/removing protections from softwa

Re:

[HiThere]

Sorry, that battle has been lost. And there wasn't even malice involved, just headline writers in search of something that would really grab people, and a movie producer who probably had no idea what either a bit or a byte was.

For a similar event, the other day I happened to discover that one of my friends had no idea that vixen meant "female fox". It's useless to try to recover the older meaning.

For that matter, when is the last time you knew of hacker used to mean someone who built crude furniture with

Re:

[gstoddart]

That's the low hanging fruit that's easy to apply. Those would probably happen if you did it to almost anybody.

Now, how many laws (secret or otherwise) start to apply when you start touching things for which they can invoke "national security"?

Suddenly a LOT of resources get thrown at finding you, and people start talking about some next-level shit in terms of consequences.

I feel bad for this kid, because his life as he understands it is about to become pretty messed up.

Just how many federal agencies have

Re: On the one hand ...

[easyTree]

Does someone who oversaw illegal action affecting everyone in your country and lied about it under oath in his capacity if Director of National intelligence still receive the protection of the law he so casually tossed aside?

lol, are you kidding?

[CaptnCrud]

They will probably offer him/her a job.

Re:

[thoromyr]

why post AC? If I hadn't already posted I'd have modded this up. Of course, that naturally leads into a discussion about the gravity of the punishment for those charges...

And well deserved

[HalAtWork]

True because the director of national intelligence is of a higher breed than everyone else who has their personal details compromised every day. That's why you should expect heavy consequences for targeting that particular individual amongst all us plebs.

Re:

[Gr8Apes]

However hasn't Clapper said if you have nothing to hide, then you shouldn't mind your data being "public"? I'd say this might be a nice reminder that "public" may not be what you want all your data be, no matter how innocent you are.

Re:

[Coren22]

PETA who murders more animals than any other animal shelter?

Thank god for those animal killers.

Re:

[cheater512]

Actually his password was probably just 'password123'.

Re:

[jafiwam]

If a kid can do it, you can bet both cheeks that an "enemy" nation-state can (and probably did) do it without detection. You should thank the kid for being so obvious about it, give him a job, and let him off the hook (unless he seriously did damage, in which case make him pay for the damages for the first few years of his new job).

Just imagine if it were a whole server of "personal" email with possibly classified information on it. That would certainly be a crime on both sides now wouldn't it?

Re:

[turbidostato]

"Just imagine if it were a whole server of "personal" email with possibly classified information on it. That would certainly be a crime on both sides now wouldn't it?"

The article says "a teenager". Depending on how "teen" he is (i.e. 13 y.o.) then, no, it wouldn't be a crime since the boy would be criminally unimputable. If between 14 and 18 then it would be a misdemeanor at most, not a felony.

Re:

[pregister]

You missed the reference to the Clinton email "scandal".

Re:

[CastrTroy]

According to wikipedia [wikipedia.org] the age he would be considered criminally unimputable would vary by state, but he oldest age for any state is 11. He could certainly be charged as long as he is a teen. Most states set the age at seven.

In the United States, the age varies between states, being as low as six years in South Carolina and seven years in 35 states; 11 years is the minimum age for federal crimes.

The kid's got a bright future...

[hyades1]

...once they let him out of whatever Third World hellhole US intelligence is currently using to warehouse inconvenient people.

Re:

[sociocapitalist]

...once they let him out of whatever Third World hellhole US intelligence is currently using to warehouse inconvenient people.

Nah they'll just hire him.

Re:

[ColdWetDog]

That's what he said.

Re:

[hyades1]

You raise and excellent point. ;-)

Re:

[fred911]

"Nah they'll just hire him."

No, they won't. He'll go away. If he's lucky it will be to some unnamed cage where he'll be offered no constitutional protection or due process. If not, he'll have a fatal "accident" and we'll never hear anything more about it.

Re:

[david_thornley]

This isn't the first time something like this has happened. How many people breaking into the accounts of high government officials have been disappeared?

Incompetence

[LichtSpektren]

Our heads of national intelligence and security are easily compromised by remote hackers/social engineers. Sounds like a fairly big problem. Then again, our nation didn't complain too much when it was discovered that the Secretary of the Treasury either cheated on, or couldn't figure out, his taxes, so I guess this shouldn't be much of a shocker.

Re:

[internerdj]

How far up the management chain do you have to go in your organization before no one knows any of the technical details of what you do?

Re:

[gstoddart]

My experience? Two levels of org chart at most, often only one.

The transition from "understanding technical details" to "kinda sorta understands the concept" is fairly abrupt.

I once had a manager who had coded in JCL for about 6-8 months before he moved into management ... and that had been 15 years prior. He was mostly a sales guy who could give a demo, but didn't really understand things any more.

At the C-level? They mostly know how to take the union of all possible buzzwords available to them and use

Re:

[DarkOx]

Well in fairness to Turbo Timmy -

Outside of those individuals who are able to file 1040EZ or have a relatively simple 1040A situation; nobody knows how to file their taxes. The best even the professionals can do is make a good faith effort to follow the rules working with best available definitions that are often vague and subject to contest or dispute.

You then hope in the following order:
0) You don't get audited
1) Your answers to the auditors questions will convince them you were not trying to pull anythi

It must be said...

[hyades1]

This has all the earmarks of a Clapper-hacker Cracka Caper.

Re:

[torqer]

Dr Suess in 2016...

Re:

[Chris Mattern]

How soon they forget. Actually, it's Johnny Carson and Jack Webb. [google.com]

Re:

[Anubis IV]

Obligatory link for anyone too young to get it: https://www.youtube.com/watch?... [youtube.com]

Re:

[hyades1]

Exactly what I was thinking of. My mother bought me the "Best of Carson" VHS tapes so I could see him at the top of his game. That was part of them.

Thanks for bringing back some good memories.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

PEL grants

It's not an acronym. It's "Pell" and was named after the Congressman who came up with the idea.

Re:

[fredrated]

Outcome 1: the hacker is white. Outcome 2: the hacker is black.

Re:there are two potential outcomes.

[trybywrench]

outcome 3: the CIA locks him in a room and throws away the room

Do people live their careers?

[JargonScott]

I know there's the proximity issue of his job title to the issue, but really do people expect everyone to "live" their job? Sometimes a mechanic's car is shitty. Sometimes a doctor has poor health habits. Sometimes directors of national intelligence has a family and none of them work too hard for home IT security.

Re:

[Whorhay]

Having worked in the government there is a lot of work put into informing people about the dangers and risks of poor information security on a constant basis. The higher up the food chain you get the more critical it is that you understand those dangers and mitigate them as much as possible. When you get to the point that you are a national leader of a federal agency like he is all that personal stuff should be locked down incredibly tight. At that level you can safely assume that other nation states will b

Clap on! Clap Off!

[xxxJonBoyxxx]

Clap on! Clap Off! Clap on! Some-guy-who-got-his-email-hacked-like-a-noob!

Re: Clap on! Clap Off!

[easyTree]

Did you perpetrate this hack?

No Sir,... not wittingly.

Re: Clap on! Clap Off!

[easyTree]

Do not go to jail, go to promotion.

So...this kid hacked Yahoo?

[Gryle]

Aside from his target being James Clapper, I'm not really sure what the fuss is. From my reading of the article, Cracka managed to re-route residential phone numbers and got into some Yahoo accounts. Granted, this isn't the greatest PR for the DNI and this kid is certainly more technically skilled than I am, but it's not like he compromised a classified system somewhere. Perhaps someone else with more technical expertise can explain to me what I'm missing?

Re:

[ColdWetDog]

Well you would think that his technical staff would have, perhaps, maybe, gone over to his house once and made sure things were a wee bit hardened. It doesn't take a whole lot to compromise anybody and as countless spear phishing episodes have shown, once you crack the wall it's relatively easy to break it down entirely.

Of course, this all depends on TFA having some resemblance to the truth. The entire thing could have been made up, be a false flag, be a honeypot. Who knows?

Re:

[Registered Coward v2]

Well you would think that his technical staff would have, perhaps, maybe, gone over to his house once and made sure things were a wee bit hardened. It doesn't take a whole lot to compromise anybody and as countless spear phishing episodes have shown, once you crack the wall it's relatively easy to break it down entirely.

All this guy has done is get into some personal accounts. Embarrassing, sure, but not all that spectacular other than the target. I'm pretty sure the DNI has a secure setup for official use in his house. As long as he doesn't use personal emails for official business there is no risk of compromising classified material. Meanwhile, the teen has attracted date attention of agencies that have the ability to find him if they decide to; and buildings to house him before, during, and after a trial if he is convic

Re:

[Whorhay]

The danger isn't that some hacker would/could find some kind of nuclear launch codes or some equivalent. The danger is that if some basement dwelling teenage hacker can accomplish this, what does it say about our high level leaders vulnerability to more nefarious people and states. And you don't have to find the keys to the kingdom, or even anything that would ordinarily be classified. In Vietnam VC spies would simply observe when large formations of air craft took off, and what direction they where heading

Re:

[Okian Warrior]

Interestingly, the John Brennan hacking had nothing to do with Brennan or any sort of security breach.

Essentially, the hackers did a social hack on AOL (John Brennan's ISP) .

Brennan had nothing to do with it, had used good security practices, and only his personal stuff was made public.

I'm not sure what the fuss is about either. Yeah, personal E-mails and some slightly private information might be made public, and there's some political hay to be made from doxing the high-priority target, but it's really no

It's the DNI... no one in DC cares

[Koreantoast]

Silly hackers... don't they know that the DNI is considered a dead end job in Washington DC, particularly in the intelligence community? Their position is basically just a title with no real budget, assets or control over the actual intelligence agencies in the United States (a la CIA, NSA, DIA, etc.) who think that the DNI role is really theirs in practice. Heck, if anything, the DNI is probably happy to get some actual press.

Unwittingly

[tavita]

Said hacker did not hack the accounts. Not wittingly.

Attacking people's family is collective punishment

[Daniel Matthews]

I realise these are just kids, so without an ounce of wisdom, but how can they be smart enough to do this yet so stupid that they do not see that hurting other people just because they are related to a person you are politically opposed too is the sort of evil shit we condemn North Korea for? If you claim to act out of principle you need to keep in mind that ethical humans don't go after people at home, unless they are single, because family are off limits. If you knowingly break that rule then you are no