Investigation is being carried out by the FBI and The Secret Service into the reports that the non-government personal accounts associated with CIA Director John Brennan as well as Department of Homeland
Security Secretary Jeh Johnson were hacked.
The alleged hacker was first interviewed by The New york Post. In the interview he said he accessed an AOL email account associated with
Brennan that included files regarding his security clearance application, and the hacker also claims to have accessed a Comcast account associated with Johnson.
In an interview with CNN on Monday, the alleged hacker said he has yet to be contacted by law enforcement.
Reports issued by the CIA on Monday stated that they were aware of the hack, A DHS spokesman also issued a statement saying, “We don’t discuss the Secretary’s security information. We have forwarded this matter to the appropriate authorities.” The FBI declined to comment.
According to a law enforcement, no classified information was accessed during the hack.
The alleged hacker said he inspired by both politics and the urge to shame the government.
“John and Jeh are both very big people and high-ranking people, so, I mean, if we hacked them, they would be ashamed,” he said. “But it was really because the government are killing innocent people, they also fund (Israel) for killing innocent people.”
The reports highlight the sensitivity of government officials using personal email addresses whether or not they use them for government purposes, an issue thrust into the spotlight in part by Hillary Clinton’s use of private email when she was secretary of state.
The use of personal accounts for non-governmental purposes on company computers by officials has raised concerns, While much of the controversy over Clinton’s email use stems from the fact that she used the account for work purposes.
The problem is that private email addresses make easy targets Johnson apologized over the summer for getting a waiver to use personal email on government computers at the Department of Homeland Security — the civilian agency tasked largely with leading the federal government’s cybersecurity efforts. He called it a “whoops” moment and extended an existing ban to cover top officials who had sought waivers for their email access.
The drawback associated with the use of personal email is that it can be an easy target for hackers and exists beyond the protections on government email addresses managed by the government.
In fact, the hacker told The New York Post that he used a stunningly simple tactic to allegedly hack Brennan’s account.
The process, called “social engineering,” involves collecting information on a person that is publicly available and using it to personalize an attack on their accounts. In this case, the alleged hacker told the Post he tricked Verizon employees into giving him Brennan’s information and got AOL to reset his password, presumably sending the reset to the hacker.
The tactic, taking advantage of call centers, has been documented by several in the security community as a relatively easy and dangerous hacking technique.
In another form of social engineering, a hacker in 2008 broke into the email account of former vice presidential candidate Sarah Palin by answering her simple security questions, including her birthday and zip code.
And there are other ways personal email addresses can be a risk, including malicious software spread by links in unsophisticated spam.
Though in this case it doesn’t appear any classified information was housed on the officials’ accounts, the hacker claims to have accessed Brennan’s 47-page application for his security clearance, which includes countless personal details, and to have accessed Johnson’s
billing page and voicemails.
The hacker told the Post he was a high school student who is critical of U.S. foreign policy and a supporter of Palestine.
Source : Edition