+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

These are the 7 easy steps a teen used to hack the director of the CIA

Oct 20, 2015, 21:58 IST

Thomson ReutersCIA director John BrennanOn Sunday, The New York Post reported that a teen hacker claimed to have gained access to CIA director John Brennan's personal email account.

Advertisement

The hacker and his group posted documents online, including a list of email addresses allegedly from Brennan's contact file. They also said they'd obtained other documents, like a letter from the Senate asking the CIA to stop its use of "harsh interrogation techniques" (basically, torture), and a spreadsheet of the names and social security numbers of some US intelligence officials, according to Wired.

But more surprising than the documents is just how easy it was for the hacker - who the Post described as "a stoner high school student" - to carry out the feat.

The hacker described his process to Wired, and it's essentially just a few simple steps of social engineering.

Here's how he hacked the head of the CIA, according to Wired:

Advertisement

  1. He did a reverse lookup of Brennan's phone number, which told him Brennan had Verizon.
  2. He (or one of his team) pretended to be a Verizon technician, and called Verizon asking for details about Brennan's account because "our tools were down."
  3. Verizon asked for his "Vcode," a code that Verizon assigns each of its employees, and the hacker gave them a fake one.
  4. Verizon then gave him the following information: Brennan's "four-digit PIN, the backup mobile number on the account, Brennan's AOL email address, and the last four digits on his bank card."
  5. He then called AOL, posing as Brennan, and said he was locked out of his email account.
  6. AOL asked him a series of security questions, such as the last four digits of the bank card. He answered the questions with information he'd gotten from Verizon.
  7. AOL then reset the password for him.

And just like that, he had access to Brennan's AOL email account. Since Brennan had forwarded emails from his government work address, it was a simple task of sifting through to find various government documents.

After the initial attack, the hacker fought with Brennan over control of the account in a game of "password reset," and eventually ended up speaking with the CIA director on the phone.

When discussing potential payment, the hacker claims Brennan said, "How much do you really want?"

The hacker replied, "We just want Palestine to be free and for you to stop killing innocent people," according to Wired.

NOW WATCH: Here's how many people die from terrorism compared to gun violence

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article