Normally when you see a headline referring to intelligence agencies and phone accounts being hacked, you expect in this day and age that it’s law enforcement that is doing the hacking.
But not in this case.
Director of National Intelligence James R. Clapper appears to have become the latest to fall foul of hackers, after a teenage hacker called “Cracka” broke into a number of online accounts belonging to the spy chief.
Cracka told reporter Lorenzo Francheschi-Bicchierai that the accounts accessed included Clapper’s home telephone and internet, his personal email, and his wife Susan’s Yahoo account.
Having allegedly broken into Clapper’s Verizon account, Motherboard reports that the hacker changed its settings to forward all calls to the Free Palestine Movement.
“Cracka provided me with what he claimed to be Clapper’s home number. When I called it on Monday evening, I got an answer from Paul Larudee, the co-founder of the Free Palestine Movement. Larudee told me that he had been getting calls for Clapper for the last hour, after an anonymous caller told him that he had set Clapper’s number to forward calls to him. Larudee said that one of the callers said he was sitting in Clapper’s house next to his wife.”
“According to public records, the phone number does belong to James Clapper’s household. Cracka also provided another number, a cellphone, which he said belonged to either Clapper or Clapper’s wife, Susan. When I called, a woman picked up and I asked if this was Susan Clapper. The woman responded that Susan wasn’t there, but that she’d tell her to call me back. But nobody ever did.”
To further back up his claims, the hacker shared with Motherboard a screenshot of what appears to be Susan Clapper’s Verizon account, as well as a list of call logs made to James Clapper’s house.
However, no screenshots of Clapper’s personal email account have been shared – and you have to wonder why not, as that presumably would have been an attractive scalp for the hacker to boast about.
A spokesman for Clapper said the Office of the Director of National Intelligence was “aware of the matter” and had reported it to the authorities, but declined to share any further information.
It’s not entirely clear why James Clapper was targeted by the hackers, but it’s true to say that he became notorious in March 2013 when he was questioned by a United States Senate Select Committee on Intelligence hearing about whether the NSA “collected any type of data at all on millions or hundreds of millions of Americans”.
You can see the exchange in this YouTube video:
What remains a mystery, of course, is how Clapper’s accounts were hacked. In all likelihood, the security breach was not a result because of a vulnerability at Verizon or Clapper’s email provider that might mean all customers’ accounts might be at risk.
Instead, I would consider it more plausible that some level of social engineering took place – either duping Clapper or someone close to him into revealing a password (perhaps through a phishing attack) or tricking a customer service representative into resetting an account password without legitimate authorisation.
If a fraudulent call was made to a Verizon customer support representative, one has to assume that Clapper’s security wasn’t helped by having his home address and phone number easy to uncover via a simple Google search.
If the details of the security breach are true, then it is obviously a concern that the hacker was not only able to reroute calls made to Clapper’s home, but also view the phone numbers of people calling him and access personal email accounts.
For that reason, it’s perhaps a relief that those behind the hack were more interested in simply pranking the Director of National Intelligence rather than having something more menacing in mind.
Last October, a group calling itself “Crackas With Attitude” or “CWA” managed to break into the AOL email account of CIA Director John Brennan, and claimed to have gained access to the Comcast account of Department of Homeland Security Secretary Jeh Johnson.
At the time, Clapper was said to have been “outraged” by the hacks. No doubt he is feeling even more apoplectic now the hackers have struck closer to home.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Title image courtesy of ShutterStock