The Director of the CIA’s Email was Hacked By a Teenager: Here’s How
With the U.S. election cycle well and truly heating up, it’s hard to go a day without hearing about Hillary Clinton’s secret basement email gaffe. Whichever side of the political line you come down on personally, the security implications are profound. Cyber security threats are growing in variety and intensity. Private, potentially sensitive information to which Clinton was privy thanks to her time as Secretary of State was left unsecured on a non-government server, all the while fairly begging to be stolen by malicious actors.
With so many top-notch PR folks on the case (not to mention the notoriously short attention span of the average American), it was only a matter of time before this whole thing faded into obscurity – which was precisely when a hacker who isn’t even old enough to vote yet hacked the CIA Director John Brennan’s private email account and thrust the issue of cyber security once again to the forefront of the sociopolitical discussion.
Save Socializing for the Cocktail Hour
Want to know how the CIA Director was really hacked? It wasn’t technology, or at least not primarily. It was good old-fashioned chit-chat. Yep, at the end of the day, it was social engineering that did the job. According to Wired, a kid barely old enough to drive called employees at Verizon and America Online and had a brief but pleasant conversation with them. There he gathered every credential he needed to break into John Brennan’s private email account, and the rest, as they say, is history.
Don’t Expose Yourself
This is great political advice – is there a quicker way to find yourself in jail or on TMZ? – but it’s also a cyber security fundamental. The less exposed you are to danger, the harder it is for trouble to land in your lap. Storing sensitive government information in a non-secure location (like your personal email account) is the intelligence equivalent of painting a big red target on your back. Don’t go borrowing trouble, especially when you don’t have to. Follow safety protocols – they’re there for a reason.
Email Attachments: Convenience Items or a Risky Click?
You might think email attachments are nothing to worry about. After all, what’s so scary about a picture from Grandma or a PDF from a classmate? Well, nothing, if that was all they ever were, but not the case. In actuality, email attachments are one of the chief attack vectors of hackers and virus writers. They’re incredibly low-hanging fruit, too—almost all of the documents this unnamed teen hacker and his teammates were able to snatch and read at their leisure were unguarded email attachments. Of course, it helps that a man who should’ve known better was storing such sensitive information in such a wide-open place, but the point remains the same: Email attachments are a security vulnerability any way you slice it, so while they have their uses, you need to be careful about which ones you choose to personally open, store, or send.
Stay Up to Date!
This tip is short, sweet, and simple: Keep your security credentials and systems as up to date as you possibly can! One of the main reasons this whole scheme was able to succeed was that John Brennan still uses America Online for his email account. Still, the real jaw-dropper continues to be the fact that so much sensitive information was just sitting there in the form of un-encrypted attachments when even first-year college students in any web development program can speak intelligently about SSH keys. How much more, then, ought someone like Brennan to know about this rudimentary piece of modern security tech?
This is what happens when no security measures are taken. In short, take the time and use helpful resources to protect your data.
