Yesterday, CIA Director John Brennan put up a reference to an article in the Daily Dot on his Facebook page. The article indicated that his alleged hacker had distanced himself from his initial claims.
“The hacker originally told the New York Post that he had accessed ‘[Brennan’s] 47-page application for top-secret security clearance.’ But, that document has not surfaced online, and the hacker refused to provide any evidence that he had accessed it when pressed by the Daily Dot.”
As it turned out, referencing this article proved to be a poor move. Shortly after the post, the document in question showed up on Wikileaks.
The document was filled out in 2008, but it looks like most of the information on it is still applicable. Personal information such as his address, phone numbers, passport number, and work history is all there. Not only that, the numbers and addresses of family, friends and professional associates are also exposed. In other words, someone could use this information to build a convincing, well-targeted phishing attack against Brennan, if that was their goal.
A lot is made of the fact that past drug use can also be learned about from this form. But really, who is going to admit to that unless they know they will be caught through some sort of investigation? There is, in fact, personal information to be found on this form, but I have no reason to disclose that here.
For those who are unfamiliar with how the attack took place, I’ll give a brief synopsis. Apparently, some bored youths had nothing better to do and took a break from their marijuana smoking to try to hack the head of the CIA. (No, I’m not making this up. This is what they claim.) They found that Brennan’s phone number was serviced by Verizon and used that fact to start the attack by calling Verizon. According to an interview they did with Wired:
“[W]e told them we work for Verizon and we have a customer on scheduled callback,” he told WIRED. The caller told Verizon that he was unable to access Verizon’s customer database on his own because “our tools were down.”
Through this ruse, the hackers eventually got Brennan’s account number, his four-digit PIN, the backup mobile number on the account, Brennan’s AOL email address, and the last four digits of his bank card. They then needed to get into Brennan’s AOL email. When they contacted AOL, claiming they were locked out of the account, AOL asked them several security questions, all of which they could answer with the information they had received from Verizon. In other words, AOL’s account recovery rested on knowledge that a third party, Verizon, had just handed over. They reset Brennan’s password to take control of the account and were then free to take any documents in it. This is how they got the security clearance application (form SF86) mentioned above.
But, at least for me, the big question is: how did they get Brennan’s private phone number in the first place? Every other part of the hack was con-artist work, social engineering rather than the use of any sophisticated hacking tools, but they needed his phone number to get it all started.
To answer the question of where the hackers got Brennan’s phone number, we have to go back to 2013. A lot of people seem to have forgotten that Brennan was also hacked in 2013. That hack collected information on a number of top government personnel, including Vice President Joe Biden, FBI Director Robert Mueller, Attorney General Eric Holder, and former Secretary of State Hillary Clinton. According to one source, the hackers obtained Brennan’s “home address, phone numbers, Social Security Number and a credit report as prepared by the company TransUnion”. The point is that the information needed to launch an attack against Brennan was (and is) available, even though the FBI took down exposed.su, the site the information was initially posted on. So it is reasonable to assume the hackers used information from this earlier attack to get Brennan’s phone number.
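The chain described above (the Verizon pretext call, the AOL security questions, the mailbox) and the argument that the 2013 dump supplied its starting point can be written down as a small attack-chain model and queried. The script below is an added example, not code from the original article or from anyone involved; the steps and facts follow the narrative, but which Verizon-sourced facts answered AOL’s security questions is not stated, so the precondition set of that step is an assumption, as is the 2013 dump being the source of the phone number. The model answers three questions: what an attacker can reach from a given starting fact, which single facts are load-bearing for the whole chain, and whether swapping AOL’s knowledge-based recovery for a possession check (a code sent to the backup phone) would have broken it.

```python
"""Attack-chain model of the Brennan account takeover as narrated above.

Each step is a rule: facts the attacker must already hold, and facts the step
yields. A fixed point over the rules gives everything reachable from a start
set; blocking one fact at a time shows which pieces of information are
load-bearing. Constructed example, not the article's own data.
"""

# (step name, facts required, facts gained).  The AOL step's preconditions and
# the 2013 dump as the phone-number source are assumptions, not facts from
# the article.
STEPS = [
    ("2013 exposed.su dump (assumed source of the phone number)",
     {"exposed_su_dump"},
     {"phone_number", "home_address", "ssn"}),
    ("reverse lookup of the phone number",
     {"phone_number"},
     {"carrier_is_verizon", "home_address"}),
    ("pretext call to Verizon ('our tools are down')",
     {"phone_number", "carrier_is_verizon"},
     {"verizon_account_number", "verizon_pin", "backup_mobile_number",
      "aol_email_address", "bank_card_last4"}),
    ("AOL account recovery via security questions (assumed answers)",
     {"aol_email_address", "backup_mobile_number", "bank_card_last4"},
     {"aol_mailbox_access"}),
    ("download documents from the mailbox",
     {"aol_mailbox_access"},
     {"sf86_document"}),
]

GOAL = "sf86_document"


def closure(start, steps, blocked=frozenset()):
    """Every fact reachable from `start` by repeatedly applying `steps`.

    Facts in `blocked` can never be obtained, modelling an attacker who
    cannot get that one piece of information from anywhere."""
    blocked = set(blocked)
    known = set(start) - blocked
    changed = True
    while changed:
        changed = False
        for _name, needs, gains in steps:
            new = (gains - blocked) - known
            if needs <= known and new:
                known |= new
                changed = True
    return known


def critical_facts(start, steps, goal=GOAL):
    """Facts whose unavailability alone breaks the path to `goal`."""
    reach = closure(start, steps)
    if goal not in reach:
        return []
    return sorted(f for f in reach - {goal}
                  if goal not in closure(start, steps, blocked={f}))


def critical_steps(start, steps, goal=GOAL):
    """Steps whose removal alone breaks the path to `goal`."""
    return [name for i, (name, _needs, _gains) in enumerate(steps)
            if goal not in closure(start, steps[:i] + steps[i + 1:])]


def with_possession_recovery(steps):
    """Hardened variant: AOL recovery requires control of the backup phone,
    not knowledge of its number.  No step yields control of the phone, so
    knowing everything Verizon disclosed is no longer enough."""
    hardened = [s for s in steps if not s[0].startswith("AOL account recovery")]
    hardened.append(("AOL account recovery via code sent to backup phone",
                     {"aol_email_address", "control_of_backup_phone"},
                     {"aol_mailbox_access"}))
    return hardened


if __name__ == "__main__":
    start = {"exposed_su_dump"}
    print("reachable:", sorted(closure(start, STEPS)))
    print("critical facts:", critical_facts(start, STEPS))
    for name in critical_steps(start, STEPS):
        print("critical step:", name)
    print("goal reachable after hardening:",
          GOAL in closure(start, with_possession_recovery(STEPS)))
```

Running it shows the phone number, the carrier, the AOL address, the backup number and the card digits as critical, while the Verizon account number and PIN are not: the takeover never depended on them, only on the facts that answered AOL’s questions. Every step is critical because the chain has no alternative path, and the hardened variant leaves the SF86 unreachable.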
These hackers claim that they did a reverse lookup on Brennan’s phone number. To check this out, I did a reverse lookup on the phone number listed on Brennan’s CIA clearance form (form SF86). The first item of interest I found was this:
Carrier: VERIZON VIRGINIA, INC.
This substantiates the hackers’ story that they were able to link the number to Verizon and then pose as Verizon workers.
Investigating further, I was able to obtain the following information through the reverse lookup.
Now, you might question whether this is the John O. Brennan; after all, it’s not that unusual a name. However, any doubt is removed when you check the Facebook link or match the address given here to the one Brennan put on form SF86. What I found interesting is how much information can be gleaned from a reverse lookup. With this alone, a mid-level hacker could use social engineering against him not just to take over his email, but to send him a document or link that would compromise his device to the point that an attacker could spy on everything he did. If I were him, I would check whether this has already happened. If his device is hacked, then many more people may be compromised through this attack.
A successful phishing attack on one of your employees should not expose sensitive information on your corporate network. New technology exists which separates a device connected to your network into two virtual devices, with the two sides isolated from each other by a hardware barrier, so that an attacker who compromises one side cannot cross to the side holding your valuable information. It’s worth checking out if you feel you have something you need to protect. Coincidentally, the company is located in the same city that John Brennan lives in, so a short drive would be all it would take to keep his information safe from now on.