back to article CIA boss uses AOL email – and I hacked it, claims stoner teen

A teenager claims to have hacked the CIA director's AOL email account and laid his hands on sensitive government files within. The kid bragged he managed to trick staff at AOL parent Verizon into reseting the password to CIA boss John Brennan's personal account, allowing the youngster to hijack it. After apparently rifling …

  1. Anonymous Coward
    Anonymous Coward

    When...

    the fuck are people going to stop using public email services to carry out highly secretive government business?

    And I'm going to somewhat resignedly answer myself here;

    When they don't want to hide the illegal/embarrassing shit they're doing from the people who they represent.

    I know, he's a hacker, and like boo for illegality. But if you have nothing to hide on public office, why do this, unless you're ignoring basic security protocols because you're an idiot.

    That said: if it's good enough for Bush, Palin, Clinton (ms), Gove, and who knows who else...yet...

    1. Anonymous Coward
      Anonymous Coward

      Re: When...

      When the fuck are people going to stop using public email services to carry out highly secretive government business?

      LOL - you do not need to go far to find such stupidity. The UK government uses Gmail in a number of places in one of the most ill inspired attempts to claim it saves money, and some of that use is in places I would consider rather sensitive. This traffic goes straight to the US, they don't even bother with camouflage such as UK proxies (MessageLabs has a US based server in practically every "EU" named setup, including the services they sell to HMG).

      Amusingly, now Safe Harbor is dead (well, it is, but organisations like the IAPP are attempting to claim the sky hasn't fallen) I am wondering how long it will take for the Information Commissioner's Office to demonstrate its independence by asking rather pointed questions. Personally, I am surprised they managed to mute CESG on this, must have taken some substantial, er, "concessions"...

      1. Alan Brown Silver badge

        Re: When...

        Microsoft claim that their EU office365 servers are resident in Ireland and insulated against US gov attempts to access (hence the current NY state case) however when pushed, they admitted that anyone stateside invoking the PATRIOT act would rip right through any protection supposedly offered.

        1. Gordon 10 Silver badge
          FAIL

          Re: When...

          @Alan. Your precise point being? Just because the bar to access it is low - doesn't mean we/MS shouldn't resist attempts to lower it further. Just because the NSA has it doesn't mean they are sharing with anyone but someone who can offer a bit of quid pro quo. Plus even the Patriot act requires some terrorism fig leaf.

    2. Anonymous Coward
      Anonymous Coward

      Re: When...

      the fuck are people going to stop using public email services to carry out highly secretive government business?

      It's the only responsible and practical way to inform the public these days. Say someone needs to know what is inside the TTIP or maybe TISA to know what the rules are, problem is, those treaties are legally binding but also secret for five years. However, if one c.c's a copy to ones private mail account and that gets hacked, then people can know in advance if they are breaking the laws or not.

      http://www.nakedcapitalism.com/2015/10/eric-zuesse-europe-secretly-starts-imposing-ttip-trade-deal-despite-the-publics-overwhelming-opposition.html

    3. NoneSuch
      Big Brother

      Irony

      If he's done nothing and has nothing to hide, why is he upset?

      Isn't that the line government feeds us when they pop into our email accounts? Double standard maybe?

    4. Gordon 10 Silver badge
      Stop

      Re: When...

      @AC first post

      In fairness to the guy it seems that he had very little - if any - secretive business in his email, apart from that application form, so whilst I agree with you in principle - and he should be given a rocket - it seems very little has been wrongly mailed home when say compared to Clinton who operated a whole goram server.

      1 AOL account <> An entire email domain. Not saying its right - just saying its small potatoes.

      1. se99paj

        Re: When...

        I'd 2nd that - as it says in the article no classified documents were leaked, granted the completed security application hold a lot of "Personal" data but nothing that is going to be a risk to national security.

    5. introdium

      Re: When...

      ms clinton i get.. and Palin... gore... but Bush?

  2. elDog

    No problem here. As we all know these agency heads are just puppets.

    There's absolutely no way that kiddos are going to be able to hack into the emails of the real movers and shakers. Don't even try to look at Hillary's email accounts. Or Petreaus's.

    And, in the end, the NSA and equivalent Chinese, Isreali, Russian, Indian, and Hobbitland agencies have already recorded and analyzed the content. Nothing to see.

    1. mawhrin-skel
      Stop

      Re: No problem here. As we all know these agency heads are just puppets.

      Others, understandable from reports, but were India and Hobbitland thrown in to imply all countries perform this level of espionage - or aspire to?

      1. a_yank_lurker Silver badge

        Re: No problem here. As we all know these agency heads are just puppets.

        The list of countries that do not try to slurp up any info by any means is going to be very short. The big boys will be hacking just about every other country. If they not being hacked they are probably so small and unimportant being a pimple on a pimple on a gnat's ass.

  3. John Tserkezis

    Social Engineering at its best

    Mitnick would be proud.

    Verizon should be ashamed.

    And AOL, well, let's just say after many years of people making fun of them, things haven't changed.

  4. Turtle

    Both.

    Put them both in prison.

    1. Alan Brown Silver badge

      Re: Both.

      They should both be charged, but the kid should be facing a misdemeanour at most and a pat on the back for exposing outright criminal activity by a government employee - who should be facing maximum penalties as he is in a job where he DOES know better.

  5. Someone Else Silver badge
    WTF?

    This is the WTF of the millenium

    “[The] problem with these older-generation guys is that they don’t know anything about cybersecurity, and as you can see, it can be problematic,” a source told the Post.

    OK, Lemme get this straight: the fucking head of the top spook agency in the world "doesn't know anything about cybersecurity"?!?

    Are.

    You.

    Fucking.

    Kidding.

    Me?

    That should be cause for immediate dismissal. Oh, and the kid? Assuming s/he isn't "disappeared", s/he should at least be named whistleblower of the year, and perhaps given Presidential Medal of Freedom (Presidential Medal of Free-dumb?) for Meritorious Service in Exposing Criminal Shit-fer-brains in National Security Forces blah-blah-blah...you get the picture.

    Oh, and after this, I don't want to hear any more stuff about Hillary's e-mail!

    1. Herb LeBurger

      Re: This is the WTF of the millenium

      You are so right. Fucking mind boggling that the head of the CIA has work related documents in a personal email account. I work in the financial services industry. We can't access personal email from work. Period. But does the US intelligence community have any such controls? Nope. Unfortunately this will be spun as "See, this is why we need more domestic spying!".

      1. Pascal Monett Silver badge

        Maybe, just maybe, some day (like next millenium) people who are responsible will be the only ones nominated to positions of responsbility.

        Nah. That would ruin the buddy network.

    2. Matt Bryant Silver badge
      WTF?

      Re: DumbOne Else Re: This is the WTF of the millenium

      "....That should be cause for immediate dismissal..... I don't want to hear any more stuff about Hillary's e-mail." Oh, so you think Shrillary is just as much above the law as she does? If you are insisting the CIA director should be fired (and I agree) then that means Shrillary should also be fired.

      1. Someone Else Silver badge
        WTF?

        @ Matt Bryant -- Re: DumbOne Else This is the WTF of the millenium

        Oh, so you think [Hillary] is just as much above the law as she does?

        No, Matt. I think that the political witch hunt that has been going on for over a year regarding Hillary's e-mails has been turned into a circus, where as this incident, which is arguably much more serious, gets nothing more than a "Meh..." from those same circus barkers.

        [...] then that means [Hillary] should also be fired.

        Uhhhhh, Matt? At last check, Hillary wasn't working for the CIA, or the State Dept. ... or any other branch of the government. Do you claim to know something we don't?

        Oh, and knock off the ad hominem attacks. It is unbecoming; I expect more from you, Matt.

        1. Matt Bryant Silver badge
          FAIL

          Re: DumbOne Else Re: @ Matt Bryant -- DumbOne Else This is the WTF of the millenium

          "....No, Matt. I think that the political witch hunt that has been going on for over a year regarding Hillary's e-mails has been turned into a circus...." LOL the only circus is the desperate and repeated attempts of the Democrats to try and make out the Benghazi Committee is only interested in smearing Shrillary. Her email server is a separate potential breach of her own department's rules that just happens to overlap the Benghazi affair because she is suspected of sending emails relating to the attack using her private email, and then having them wiped off the server. The rules breach is serious enough that an ordinary employee would be fired for them. The transmission of classified information either with the classifying notice removed or to those unauthorised to receive such classified info is also a potential crime under the Espionage Act (http://www.inquisitr.com/2501897/espionage-act-could-land-hillary-clinton-in-jail-for-10-years-over-gross-negligence/). So stop trying to insist Shrillary is just some victim of a Republican plot.

          "....Hillary wasn't working for the CIA, or the State Dept. ... or any other branch of the government. ...." US Secretary of State, do you think that might be some kind of government post? ROFLMAO at your blindness. https://en.wikipedia.org/wiki/United_States_Secretary_of_State

          ".....Do you claim to know something we don't?...." I suspect I know a great deal more than you will ever know, especially as you seem to be burdened with a set of socio-political blinkers.

          "..... I expect more from you, Matt." Why would I give a hoot what you expect? I actually think your disapproval is a sure sign I'm on the right track and avoiding the mindless conformity, thanks.

    3. Anonymous Coward
      Anonymous Coward

      Re: This is the WTF of the millenium

      I hope the kid has enough money to buy a plane ticket to Russia; at least Snowden will have a fellow US citizen to speak with.

      I worked at a UK retail bank. They blocked all access to hotmail, gamil etc. in addition to dropbox etc. The CIA has no policy like this ? Don't the NSA advise the CIA on cyber-security ? Unbelievable. Someone needs to get fired.

      1. Anonymous Coward
        Anonymous Coward

        Re: This is the WTF of the millenium

        I work in the financial services industry. We can't access personal email from work. Period.

        I worked at a UK retail bank. They blocked all access to hotmail, gamil etc. in addition to dropbox etc.

        That's because you're drones. Do you really think those rules are enforced on those on top?

    4. John G Imrie

      Re: This is the WTF of the millenium

      [The] problem with these older-generation guys is that they don’t know anything about cybersecurity, and as you can see, it can be problematic,

      Rewrite

      [The] problem with these older-generation guys is that they don't listen to those young whipper snappers who know anything about cybersecurity,

  6. Winkypop Silver badge
    Devil

    ..referred the matter to the appropriate authorities," a CIA spokesperson told The Register

    Hello?

    This is the CIA, can you put me through to the CIA?

  7. mr. deadlift

    and you thought Family Guy was a joke, another case of life imitating i guess.

  8. Anonymous Coward
    Anonymous Coward

    Typical teenager..

    .. absolutely no sense of danger. Mine plays rugby as if bones were meant to be broken.

    Want to bet he's suddenly legally not a minor when they catch him?

    1. h4rm0ny

      Re: Typical teenager..

      If teenagers didn't do stupid things we'd all go from childhood to being 45 and how depressing would that be?

      1. Known Hero
        Thumb Up

        Re: Typical teenager..

        I see what you did there :D

        Although in my case I presume it would be childhood to the grave :)

      2. Anonymous Coward
        Anonymous Coward

        Re: Typical teenager..

        If teenagers didn't do stupid things we'd all go from childhood to being 45 and how depressing would that be?

        Absolute upvote. And we wouldn't have anything to laugh about either :)

  9. Kwll

    On obsolescence and technical incompetence.

    Can't understand why CIA, FBI and untold flocks of journalist would be after that kid. He only exposed a bad habit of a old man copying mail here and there. Eh? what do you say? Security? Secrets?

    Still wonder why we still trust some tech-inept to manages high security information. System is flawed, and the world is chasing the ones that find where it's leaking to put them in jail.

    If correct isolation process would have have been in place, that kid would have found tits and viagra spam only like in everyone's email. End of the story.

    Just my 2 cents.

    Alessio

    1. Anonymous Coward
      Anonymous Coward

      Re: On obsolescence and technical incompetence.

      Can't understand why CIA, FBI and untold flocks of journalist would be after that kid.

      Apparently, embarrassing TLAs and high level politicians is deemed a criminal offence if you see with what vigour they track something like that. If they put 1/10th of that effort in security and ensuring people at that level have some oversight and help to ensure they color between the lines they would never have a problem, but I guess that's not as much fun as tearing through towns, breaking people's doors down and brandishing heavy weaponry.

      The latter puzzles me, to be honest, as far as I can see there isn't that much of a threat :).

      1. Sir Runcible Spoon

        Re: On obsolescence and technical incompetence.

        Love the video, I'm impressed with how well he took that shot though!

  10. Anonymous Coward
    Anonymous Coward

    Honeypot

    You think those were _real_ sensitive files? Surely with someone in that position, you'd have a pre-packed setup with fake info ready to hand over should the need arise. A bit like truecrypt's hidden containers.

    Boss of CIA using an A Oh helL email account... [chuckle] that's a good one!

    1. Known Hero

      Re: Honeypot

      @AC, Umm you have been reading the news lately? this is not a one off.

    2. Kubla Cant Silver badge

      Re: Honeypot

      I wouldn't be surprised to find that either the account is a honeypot that's really been hacked, or the hack reports are fake. It's all a bit to good (or do I mean bad) to be true.

  11. Anonymous Coward
    Anonymous Coward

    You think thats bad..

    Once found national security sensitive (specifically Mars related) data on a memory card found on greedbay.

    I went through most of the other cards and found all sorts of goodies, actually got a couple of the dead ones going again by overvoltaging them by 0.2V and obtained some fascinating data.

    Sometimes gently heating them helps dry them out and make the conducting casing caused by moisture getting in once again insulating.

    So if you do happen to come across an apparently dead memory card, its well worth trying to see what can be salvaged especially with the tendency of drones to fly apart in mid air and eject their sometimes-perfectly-good microSD into Never-Never Land.

    1. Mage Silver badge
      Flame

      Re: You think thats bad..

      " ... data on a memory card found on greedbay."

      Until someone figures how to fit a high voltage generator on one. I'm sure I can't on a micro-SD, but I think the full size card is feasible.

      1. Anonymous Coward
        Anonymous Coward

        Re: You think thats bad..

        Be careful what you wish for... :-)

        (scuttles off into basement lab, currently storing a small yet efficient chest mounted nuclear reactor prototype and an inter-dimensional field generator based on 1940's era tech)

  12. h4rm0ny

    I'm not sure which is funnier...

    That they may have got into the director of the CIA's AOL account(!) or that they think US foreign-policy is too pro-Palestine!

    1. JeffUK

      Re: I'm not sure which is funnier...

      Pretty sure that sentence could do with a comma! "was motivated by opposition to US Foreign policy, and support for Palestine"

  13. adam payne

    The boss of the CIA has work emails in his personal AOL account.

    Work emails in his personal email account *facepalm*

    He uses AOL *double facepalm*

    Instant dismissal is required.

  14. phil dude
    IT Angle

    emperor clothes...

    It can happen to us all surely? Imagine you are surrounded by people who work for , tell you you're great, you are doing some thing IMPORTANT(tm)....

    We could all think we're invincible.

    Of course, this could the be the definition of "out of touch".

    When the world's problems don't apply to you, you have to wonder which "world" you live in....

    Note the Icon, I thought this article could use some....;-)

    P.

  15. Willem55

    Hillary must be so happy... Using you own mail server is way much safer than using AOL.. like the spy master does..

  16. Anonymous Coward
    Anonymous Coward

    Prison will do him good

    Ten years in the slammer should do this cracka good.

  17. ItsNotMe
    FAIL

    Just another example of an Oxymoron.

    Central Intelligence (?) Agency...or the complete lack thereof.

  18. Amorous Cowherder

    ' "We are aware of the reports that have surfaced on social media and have referred the matter to the appropriate authorities," a CIA spokesperson told The Register on Monday. '

    Hmmm, nothing makes the authorities angrier than embarrassing them in public. I would get your affairs in order kiddo, you're going to be doing a lot of sitting in small rooms and thinking about stuff, before they pack you off to jubbie to dig ditches for the local authority in some backwater hick county.

  19. Harry Anslinger

    It's not a generational thing.

    Brennan's use of a commercial email system isn't due to a lack of security understanding due to his age - some of us of that generation wrote the tools we all use today - it's specifically lazy and sloppy to maintain sensitive content on an AOL email account.

    Brennan by the nature of his profession knows better and yet failed to take precautions. It is scary that these individuals are tasked to maintain our safety - they can't even manage their electronic communications.

  20. Crisp

    What is it about stoners and hacking?

    Does smoking pot give people hacking superpowers or something?

  21. Mike 16 Silver badge

    Password Reset

    I'm older than he is, and have had 3 or more email accounts since at least the mid 1990s.

    Different accounts for "over the transom and spam", "Work related", and "Doctor and bank", to start with. Only one (guess which) has the ability to use an automagic process for resetting the password, and that process uses two factor ID.

    Do most folks forget their passwords so often that a slightly more secure reset policy would be a burden?

  22. Captain Badmouth
    Paris Hilton

    What they really mean to say.....

    "The problem with these older-generation guys is that they don’t know anything about cybersecurity, and as you can see, it can be problematic"

    The problem with these older-generation guys is that they won’t be told anything about cybersecurity, they're too important to be told anything by underlings or clever-arsed college guys who haven't seen action,and, as you can see, it can be problematic.

    Fixed, continue with the narrative.

    Paris, knows how to take precautions.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021