Menu
Browse

Cyber Threat Actor: Crackas With Attitude

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Activist
United States of America
6 incidents
Profile

The threat actor known publicly as Crackas With Attitude (CWA) operates under the hacker handle “Cracka” and has described itself as a loose collective of individuals, with one prominent member identifying as an American high school student who is not Muslim and who has stated that his actions are motivated by opposition to United States foreign policy and support for Palestine. The same individual has also asserted that the group’s intent is not to harm innocent civilians but to target government entities, a statement he made publicly after breaching law‑enforcement systems. No formal ties to a state sponsor or criminal syndicate have been established in open sources; the actor’s self‑description remains the only publicly attributed affiliation.

CWA’s observed targeting has focused on United States government and law‑enforcement sectors. The group first gained notoriety by compromising the personal AOL account of CIA Director John Brennan, accessing his private emails, contact lists and sensitive documents such as his security‑clearance application. Shortly thereafter, the same actors claimed to have exploited an unspecified vulnerability in a law‑enforcement portal reserved for the FBI and other agencies, gaining access to the Joint Automated Booking System (JABS) database of arrest records and to a suite of related tools including the Enterprise File Transfer Service, Cyber Shield Alliance, Intelink, Intelink IM, Justice Enterprise File Sharing, the National Data Exchange (N‑DEx), the National Gang Intelligence Center, the Repository for Individuals of Special Concern (RISC), RISSNET, the ViCAP Web National Crime Database, Active Shooter Resources, the Malware Investigator portal and the Homeland Security Information Network (HSIN). From these systems they exfiltrated arrest records—including sealed cases—and contact details of law‑enforcement personnel, which they subsequently posted on Twitter. In a separate incident the actor also accessed the Comcast account of Homeland Security Secretary Jeh Johnson, posting a redacted screenshot of a billing page and indicating that he had listened to Johnson’s voicemails. The group’s stated objective, as expressed by the teenage member, is to expose government information in protest of U.S. foreign policy rather than to pursue financial gain or cause indiscriminate harm.

The tactics, techniques and procedures observed in these operations rely heavily on social engineering rather than malware. The actor reportedly deceived Verizon representatives into divulging Brennan’s personal information and then persuaded AOL to reset the account password, thereby gaining entry to the CIA director’s email. Access to the law‑enforcement portal was achieved through an undisclosed vulnerability that allowed navigation to JABS and the associated law‑enforcement tools; no specific malware families or exploit kits were mentioned in the reporting. Data exfiltration was carried out via public platforms such as Twitter, where screenshots and document excerpts were posted, and through direct screenshots of billing pages. Attribution remains limited to the actor’s self‑identified moniker “Crackas With Attitude” and the individual handle “Cracka,” with no public evidence linking the group to a nation‑state or organized criminal enterprise. The described campaigns—namely the Brennan’s AOL account, months later breach of the law‑enforcement portal and associated data leaks—of Brennan’s AOL account, the compromise of the JABS/law‑enforcement portal, and the exposure of law‑enforcement contact data—represent the publicly known operations attributed to this actor.

Incidents
Attributed incidents available to members
6 incidents
Sources
Sources available to members
3 sources