Cyber Incident Victim: Crackas With Attitude
Date:
Jan 2016
Location:
United States of America
Summary
A hacking group known as Crackas With Attitude compromised the personal accounts of high-ranking U.S. government officials through social engineering tactics, including spear phishing family members. After targeting a White House senior advisor, the attackers forwarded his home phone calls to a political advocacy group and accessed his email via credentials obtained by impersonating him in communications with his spouse. The group also claimed unauthorized access to law enforcement databases, leading to the exposure of sensitive personal information belonging to thousands of individuals, predominantly government personnel. Their broader campaign involved multiple high-profile victims across intelligence, national security, and diplomatic agencies, prompting federal investigations into the breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
The hacking group Crackas With Attitude (CWA) engaged in a sustained campaign targeting U.S. government officials between October 2015 and January 2016. Their activities began with the compromise of CIA Director John Brennan’s AOL email account in October 2015, followed by intrusions into accounts belonging to FBI Deputy Director Mark Giuliano, Director of National Intelligence James Clapper, and former intelligence executive Vonna Weir Heaton. On January 18, 2016, the group claimed responsibility for breaching John Holdren, President Obama’s senior science advisor, through a spear-phishing attack against his wife. A CWA member using the alias Fearz impersonated Holdren in an email to his wife Cheryl, requesting the password for their joint Comcast Xfinity account under the pretext of having lost it. After Cheryl provided the credentials, the attackers gained access to the account and reconfigured call forwarding settings for Holdren’s home telephone to route all calls to the Free Palestine Movement.
The group leveraged credentials obtained from prior breaches of law enforcement databases in November 2015 to identify targets, including locating Cheryl Holdren’s email address. CWA members publicly disclosed Holdren’s personal phone number during the incident and claimed additional unreported compromises of high-profile officials such as FBI Executive Assistant Director Amy Hess, White House Communications Director Jen Psaki, and Deputy Secretary of State Tony Blinken. The White House Office of Science and Technology Policy confirmed Holdren’s targeting and referred the matter to law enforcement. These intrusions prompted an FBI alert in late 2015 warning about doxing risks from hacktivist groups. Operational impacts included unauthorized access to personal communications, call diversion to third parties, and the public exposure of over 2,000 law enforcement personnel identities from stolen databases. CWA members expressed anti-Israel political motivations during communications with journalists, though the group reportedly disbanded while maintaining informal contact among former participants.