Jack Recider

And this is how they got John Brennan's Verizon account number, his four-digit PIN, a backup mobile number to his account, the email associated to his account, which was an AOL email, and the last four digits of his bank card. Now that they had this extra information on him, How can they leverage that to take this a step further?

And this is how they got John Brennan's Verizon account number, his four-digit PIN, a backup mobile number to his account, the email associated to his account, which was an AOL email, and the last four digits of his bank card. Now that they had this extra information on him, How can they leverage that to take this a step further?

Well, they know his AOL email address, which when you log into AOL, the username is the email. So they had John Brennan's email username, but not the password. Hmm. Well, time to call AOL. So they called AOL, this time acting like John Brennan. Hi, I've been locked out of my email account. Can you help me get back in? Sure, Mr. Brennan, but I'll need to verify it's you. Okay.

Well, they know his AOL email address, which when you log into AOL, the username is the email. So they had John Brennan's email username, but not the password. Hmm. Well, time to call AOL. So they called AOL, this time acting like John Brennan. Hi, I've been locked out of my email account. Can you help me get back in? Sure, Mr. Brennan, but I'll need to verify it's you. Okay.

Can you tell me the last four digits of your credit card number? Why, yes. Yes, I can. Because they had this information from the data they got from Verizon. Clever, clever. And so when they gave this information to AOL, this let them reset his password and get into John Brennan's AOL email. On October 12, 2015, they gained access to the inbox of the director of the CIA.

Can you tell me the last four digits of your credit card number? Why, yes. Yes, I can. Because they had this information from the data they got from Verizon. Clever, clever. And so when they gave this information to AOL, this let them reset his password and get into John Brennan's AOL email. On October 12, 2015, they gained access to the inbox of the director of the CIA.

They started looking through his emails, reading one after another, looking at attachments sent. One attachment had a list of U.S. intelligence officials, which included their social security numbers. Why in the world was John Brennan using his AOL account to send emails that included social security numbers of U.S. intelligence officials? This is such bad OPSEC. Why, director of the CIA? Why?

They started looking through his emails, reading one after another, looking at attachments sent. One attachment had a list of U.S. intelligence officials, which included their social security numbers. Why in the world was John Brennan using his AOL account to send emails that included social security numbers of U.S. intelligence officials? This is such bad OPSEC. Why, director of the CIA? Why?

You know better. I think it just goes to show that no matter how much you know about privacy and security, we're still human and screw up this whole security thing.

You know better. I think it just goes to show that no matter how much you know about privacy and security, we're still human and screw up this whole security thing.

Ooh, this is no good. The SF-86 form is the form that you fill out to apply for secret clearance, which means it has your entire background listed clearly in the form. Social security number, email address, telephone number, place of birth, aliases, passports use, prior addresses, names of your neighbors, what school you went to, your military history, past employers. It's everything on a person.

Ooh, this is no good. The SF-86 form is the form that you fill out to apply for secret clearance, which means it has your entire background listed clearly in the form. Social security number, email address, telephone number, place of birth, aliases, passports use, prior addresses, names of your neighbors, what school you went to, your military history, past employers. It's everything on a person.

And now default and cracker had it all.

And now default and cracker had it all.

Unreal. And Krakka's just posting this stuff straight up to Twitter as Krakka. And it wasn't just these two guys in CWA. There were some other members there for the ride, but Default was suspicious about one of the members in CWA.

Unreal. And Krakka's just posting this stuff straight up to Twitter as Krakka. And it wasn't just these two guys in CWA. There were some other members there for the ride, but Default was suspicious about one of the members in CWA.

They were so relentless that people started going into hiding.

They were so relentless that people started going into hiding.

At some point, they got into Amy Hess's account. She was the FBI Executive Assistant Director for Science and Technology.

At some point, they got into Amy Hess's account. She was the FBI Executive Assistant Director for Science and Technology.