Con-Artistry 2.0: Social Engineering CIA Director John Brennan

WIRED recently posted an interview with a “hacker” representing a group who broke into the AOL account of CIA Director John Brennan. Upon examination of his method, we assert that this hacker was in fact a social engineer.

As we have discussed before, social engineering is essentially con-artistry with information technology. It involves the obtainment and violation of trust to achieve a specific goal. In this case, the goal was to obtain access to Director Brennan’s account.

Here is how the hacker claims to have done it:

BrennanSEChart

The group behind the account breach began posting to Twitter screenshots of the documents they obtained. One of those documents appears to be the director’s SF-86 application, which is used for background checks. These applications ask for more personal information, including information on friends and family. They also include:

  • criminal history
  • psychological records
  • past drug use
  • interactions with foreign nationals

If true, this account hijacking could lead to serious repercussions for the director, his job, and his friends and family. The cyclical process of social engineering could lead to more breaches, the theft of his identity and the leaking of sensitive government documents.

We remind readers to practice security best practices, such as not using personal email accounts to handle work related information.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s