Cyber Incident Victim: Central Intelligence Agency
Date: Oct 2015
Location: United States of America
Summary
A high school student hacker compromised the CIA director's personal AOL account through social engineering tactics, tricking telecom providers to gain access. The breach exposed sensitive documents including the director's security clearance application, Social Security numbers of multiple intelligence officials, and a government letter regarding interrogation techniques. The attacker also infiltrated the Homeland Security secretary's Comcast account, accessing voicemails and billing information. Federal authorities launched an investigation into the intrusions, with potential criminal charges being considered. The hacker claimed motivation from opposition to US foreign policy and support for Palestine, identifying with the group "Crackas With Attitude." Stolen data was partially posted online before the compromised accounts were disabled.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In October 2015, a high school student claiming affiliation with the group "Crackas With Attitude" infiltrated CIA Director John Brennan’s personal AOL email account through social engineering tactics. The hacker manipulated Verizon employees into disclosing Brennan’s personal information, then deceived AOL support into resetting the account password, gaining access on October 12. Upon breaching the account, the attacker discovered approximately 40 emails containing highly sensitive attachments, including Brennan’s 47-page application for top-secret security clearance, Social Security numbers of multiple senior intelligence officials, and a government letter discussing the use of harsh interrogation techniques on terrorism suspects. The hacker publicly claimed responsibility by tweeting "CWA owns John Brennan of the CIA" from the Twitter handle @phphax, which also displayed the Islamic Shahada creed, though the perpetrator identified as a non-Muslim American student motivated by opposition to U.S. foreign policy and solidarity with Palestine. Between August and October, the individual conducted repeated prank calls to Brennan, reciting the director’s Social Security number during one interaction before Brennan terminated the call. The attacker further compromised Homeland Security Secretary Jeh Johnson’s Comcast account, accessing voicemails and posting a redacted billing statement screenshot online. Brennan’s AOL account was disabled by October 16 following the intrusion.

The breach exposed classified personnel records and operational documents, triggering an FBI-led multi-agency investigation with potential criminal charges anticipated against the perpetrator. Law enforcement sources indicated authorities sought to establish a deterrent through prosecution given the unprecedented nature of compromising the CIA director’s personal communications. The hacker disseminated portions of Brennan’s contact list and selected documents via Twitter prior to the account’s deactivation, though full exfiltration scope remained unclear. CIA officials acknowledged awareness of social media reports regarding the incident and referred the matter to investigative authorities without confirming specific compromises. Security analysts highlighted systemic vulnerabilities stemming from senior officials’ use of non-secure personal accounts for sensitive government business, drawing parallels to contemporaneous controversies involving Hillary Clinton’s private email server. No public statements from Brennan or Johnson addressed operational impacts, though exposure of clearance documentation and intelligence officials’ personally identifiable information created significant counterintelligence concerns. Federal investigators focused on attribution while assessing potential collateral damage from the leaked materials.
