Stoner high school kid claims to have hacked CIA Director's email account

A teenage stoner claims to have taken control of CIA Director John Brennan's personal AOL email account where some government documents were stored. The same hacker allegedly took over Comcast accounts of the DHS Secretary and the White House Deputy National Security Advisor.

The CIA Director had an AOL account where he allegedly stored highly sensitive information of his own, of other top American intelligence officials and of the CIA’s. The personal account came to light after a hacker took it over and started leaking screenshots. The same hacker doxed Homeland Security Secretary Jeh Johnson and leaked call logs of White House Deputy National Security Advisor Avril Haines.

The unnamed hacker was identified as a “teen stoner” by the New York Post. This hacker, going by an alias of “cracka,” claimed “CWA” pwned CIA Director John Brennan, Homeland Security Secretary Jeh Johnson and White House Deputy National Security Advisor Avril Haines. The NYPost reported, “CWA stood for ‘Crackas With Attitude,’ which he said referred to him and a classmate with whom he smokes pot.” It seems like getting high doesn't make the teenager too paranoid to target and hack specific feds. 

Apparently having learned zipola from Hillary Clinton’s email scandal, CIA Director John Brennan allegedly stored sensitive files in his non-government email account; files such as his top-secret security clearance application, “Social Security numbers and personal information of more than a dozen top American intelligence officials, as well as a government letter about the use of ‘harsh interrogation techniques’ on terrorism suspects.”

The hacker claimed to have been prank calling the CIA Director since August; during one call the hacker recited Brennan’s Social Security number. The stoner/hacker claims to have gained control of Brennan's email account on October 12 and to have stolen documents that the CIA Director “stored as attachments to about 40 emails.”

Using social engineering tactics, the hacker allegedly tricked Verizon into “providing Brennan’s personal information and duping AOL into resetting his password.” The hacker has posted numerous screenshots on Twitter as “proof;” one shows an inbox with 8,174 emails and numerous AOL account password request changes as “cracka” said there was a “battle between me and CIA;” the CIA would supposedly regain control of the account before the hacker would take it back over.

Another screenshot shows Brennan’s wireless phone bill as the hacker taunted the CIA to “step your game up homies, we own everything of you.” One tweet contains a screenshot of suspicious activity logs as Brennan was “trying to get CWA arrested.” Yet another shows a CIA Office of General Counsel fax cover page. Supposedly, Brennan offered the hacker money to “leave him alone.” On Friday, Brennan canceled his AOL email account.

While it’s true that anyone online can claim anything and attempt to back it up with Photoshopped or other such images, and the pwnage of Brennan appeared to be a series of one-sided claims, the CIA did release a statement to the NYPost: “We are aware of the reports that have surfaced on social media and have referred the matter to the appropriate authorities.”

Earlier in October, “cracka” doxed DHS Secretary Jeh Johnson after allegedly taking over Johnson’s Comcast account; there is a screenshot of text messages allegedly sent to Johnson’s wife before she changed her phone number. The hacker also posted a screen capture of Johnson’s Comcast call logs, of customizing his cable TV setup, and even of call forwarding that would allegedly send Johnson’s parents to a “Stop War Organization” each time they tried to call their son.  

It is of little surprise the feds would be after the hacker, or that “cracka” would abandon his Twitter account “as things are starting to get hot.” Yet the new _CWA_ Twitter account kicked off by announcing it owned White House Deputy National Security Advisor Avril Haines, showing her Comcast account, and promising to leak her call logs. The same account offered to leak the head of the CIA’s contact list that allegedly contains 121 .gov and 638 .com email addresses. Portions of both appear to have been leaked.

If it turns out to be true that Brennan did store government documents in his personal email account, then expect another email scandal as some government officials seemed to have learned nothing from the Clinton email scandal. Or, as another unnamed source told the NYPost, “[The] problem with these older-generation guys is that they don’t know anything about cyber-security and as you can see, it can be problematic.” Betcha they are learning now…Happy Cyber Security Awareness Month!

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.