CIA Director John Brennan had a phone call from a young man, advising him that his AOL email account had been hacked. Brennan’s response is reported to have been, “You’d better watch your back!” however this appears to have cut no ice with the hackers: they are now targeting the FBI, and according to one magazine source, Wired, they have actually breached the FBI’s network.
Brennan’s personal AOL email account was used not only by him, but also his wife, and between them they had a wealth of personal information held within the account. So far, according to CIA sources, nothing classified has been exposed, however the cyber crooks have managed to come away with draft texts on presidential briefings on matters as sensitive as Iraq. The social security number of his wife has also been stolen.
The hackers have gained access using a system known as Joint Automated Booking System (JABS), which is primarily used by law enforcement, but also acts as an Instant Messaging system for use between various agencies (including the CIA and the FBI).
If the FBI breach is shown to have actually occurred this is very embarrassing as it gives direct access to arrest records and reports. This includes reports which are sealed by court order, or indeed arrests and reports relating to live investigations of amongst others, terrorists, drug criminals and gang members. By exposing this information, it can lead to other persons of interest being tipped off that they themselves have been exposed by law enforcement, and so it is now time to disappear.
The big question is how access to JABS has been performed by the teeny hackers, known as “Crackas with Attitude” or CWA, but so far no information has been forthcoming. “Cracka” is the hacker name of one of the group, and claims the group’s motivation is to help “Palestine”. Cracka also boasted on Twitter that CWA did have access to “everyone in USA’s private information” and to imagine “if we was Russia or China”. In any event, over 3,000 names, telephone numbers and email addresses of government employees has been published over the web, mostly staff from the FBI and local police departments.
The initial release of information has been termed, “Part 1” by CWA, however it is also claimed that they have gained access to other law enforcement tools and resources via JABS. This includes the Enterprise File Transfer Service, which is a web-based UI for transferring and sharing files; Cyber Shield Alliance, which is a an FBI program for providing law enforcement agencies with cyber security resources; IC3 which is a cybercriminal reporting and complaints handling tool; and Intelink which is a supposedly secure portal for intelligence sharing and law enforcement collaboration. Multiple other resources have also been compromised by CWA and the hack, but the full extent is as yet unknown.
This sorry episode underlines the seriousness of cyber security, however it also throws into stark light the relative ease with which the US Government can be attacked and breached. As the CWA states, just what would be the case if they had been Russia or China?