No One Is Safe from Cyber Crime: How Teens Hacked the CIA Director
If there’s one thing the world learned from the Sony Pictures hack in 2014, it’s that being careless with email opens the door for dangerous cyber-attacks. Despite the public shaming of Sony and abundance of high profile hacks, it still seems like some people are off limits to sophisticated cyber criminals. Until now. A teenaged group of hackers recently breached CIA Director John Brennan’s personal email account, making it clear that no one is safe from cyber-crime. And the worst part? They made it look easy.
Telecom as a Cyber Crime Gateway—The 7 Simple Steps to the CIA Director Hack
If you haven’t realized how sophisticated cyber criminals are becoming, this hacktivist attack on John Brennan and the CIA may put things in perspective. These are the 7 steps a teen hacktivist group took to compromise Brennan’s personal email with ease:
- It all started with the telecom service provider: Brennan’s mobile phone was the first piece of the puzzle in this attack. The teens used commonplace reverse-lookup services to search Brennan’s phone number and discover that XXX was his service provider.
- Social engineering can compromise telco service providers: No one wants to think they’ll be duped by a social engineering attack, but the service provider was compromised. The teen called them pretending to be a service technician and requested Brennan’s account information, claiming that his systems were down.
- Authentication was too easy: Service providers assign their technicians a special code (Vcode) for authentication purposes—which seems like a good idea. Except the hackers provided a fake Vcode and moved on to the next phase of the attack.
- So much information with little effort: After verifying the doctored Vcode number, the service provider gave the hacktivist the following information about Brennan: his 4-digit PIN, backup mobile phone number, email address and the last four digits of his bank card.
- Telecom was the gateway to a targeted email attack: Once the attackers took advantage of weak service provider security, it was time to move on to the email account. Posing as Brennan, the hacker called email provider and explained he was locked out of his account.
- Thanks to the service provider, AOL security was easy to circumvent: Email provider asked the attacker a series of detailed security questions (such as the last four digits of the bank card). With the compromised data from the telco service provider, these questions were easy to answer.
- Password reset and the end-game: After answering the security questions, email provider reset the email account password, giving the hacktivist group access to Brennan’s personal email. And thanks to Brennan’s own security flaws, they were able to obtain government files that Brennan had forwarded to his personal email.
No One is Safe from Cyber Crime—Be Prepared
If the Director of the CIA can be compromised so easily by teenagers, anyone can be the victim of a data breach and cyber-crime. This attack didn’t involve any technical know-how—just persistence and an ability to take advantage of poor security measures. It all started with human error on the part of a telco service provider. Even if your data isn’t the end-goal, it’s important to shore up your cyber defenses and get ready for an attack.
Has John Brennan’s run-in with cyber criminals changed your perspective of cyber security? Leave a comment below and let us know how you plan to improve your defenses before you become a victim of cyber-crime:
Download this free whitepaper and learn how multi-layer packet-optical network architectures provide the flexibility, security, and efficiency you need to support the applications of the future:
png" title="" width="180" height="110">
Topics: Cyber Security