WIRED recently posted an interview with a “hacker” representing a group who broke into the AOL account of CIA Director John Brennan. Upon examination of his method, we assert that this hacker was in fact a social engineer.
As we have discussed before, social engineering is essentially con-artistry with information technology. It involves the obtainment and violation of trust to achieve a specific goal. In this case, the goal was to obtain access to Director Brennan’s account.
Here is how the hacker claims to have done it:
The group behind the account breach began posting to Twitter screenshots of the documents they obtained. One of those documents appears to be the director’s SF-86 application, which is used for background checks. These applications ask for more personal information, including information on friends and family. They also include:
- criminal history
- psychological records
- past drug use
- interactions with foreign nationals
If true, this account hijacking could lead to serious repercussions for the director, his job, and his friends and family. The cyclical process of social engineering could lead to more breaches, the theft of his identity and the leaking of sensitive government documents.
We remind readers to practice security best practices, such as not using personal email accounts to handle work related information.