Cyber Incident Victim: Office of the Director of National Intelligence
Date:
Jan 2016
Location:
United States of America
Summary
Hackers associated with the group "Crackas With Attitude" compromised multiple personal accounts linked to the Director of National Intelligence, including his home telephone, internet service, and personal email, as well as his wife's email. The attackers altered settings to forward calls from his residence to the Free Palestine Movement and accessed call logs containing sensitive contacts. A spokesperson for the Office of the Director of National Intelligence confirmed the breach and reported it to authorities, while the hackers claimed their actions were motivated by support for Palestine. An information security expert suggested social engineering may have facilitated the intrusion, highlighting concerns about the visibility of the official's personal information online.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In October 2015, a group identifying as "Crackas With Attitude" (CWA) gained unauthorized access to CIA Director John Brennan’s AOL email account, accessing law enforcement tools and prompting an FBI alert about their activities. By January 2016, one member known as "Cracka" targeted Director of National Intelligence James Clapper, compromising his Verizon FiOS home telephone and internet service, personal email account, and his wife’s Yahoo email. The hacker altered Clapper’s Verizon settings to forward all incoming calls to the Free Palestine Movement’s contact number. Cracka contacted a journalist on January 11, 2016, providing Clapper’s home number and call logs as evidence. Calls placed to Clapper’s number reached Paul Larudee, co-founder of the Free Palestine Movement, who confirmed receiving misdirected calls. The call logs included a number for Vonna Heaton, who declined comment when contacted. Brian Hale, spokesperson for the Office of the Director of National Intelligence, acknowledged the breach on January 12, stating the matter was reported to authorities but offering no further details.
The attackers publicly taunted authorities via Twitter using new accounts and cited political motives, explicitly linking their actions to the "#FreePalestine" movement. Cracka stated the intrusions aimed to demonstrate dissent against government policies. The breach disrupted Clapper’s residential communications, exposing vulnerabilities in his personal account security. No evidence suggested theft of classified data or compromise of intelligence systems beyond personal and telecommunications accounts. The incident highlighted the continued targeting of high-profile officials through non-technical methods, as Clapper’s home address and phone number remained publicly accessible via basic online searches. The Office of the Director of National Intelligence did not disclose remediation steps or confirm whether Clapper’s accounts were fully secured following the disclosure.