FBI Arrests Two Suspects Involved With Hacking Of CIA Director's Personal Email Account

from the hack-the-CIA-and-FBI,-but-keep-chatlogs-and-use-Twitter-DMs-because-?? dept

The alleged hackers who social engineered their way into CIA director John Brennan's personal email account have been rounded up by the FBI. The so-called "Crackas With Attitude" collective lost two of its members to the federal court system late last week.

Andrew Otto Boggs, 22, who allegedly used the handle Incursio, or IncursioSubter, and Justin Gray Liverman, who is suspected of using the moniker D3f4ult, were arrested on Thursday, according to a press release by the US State’s Attorney’s Office in the Eastern District of Virginia.

The affidavit [PDF] in support of the arrest warrant is a hell of a read -- although possibly a very trying read for those with limited patience for txt spk and l33t h4x0r screen names. It's also a cautionary tale of hubris winning out over operational security, somewhat ironic for a group of hackers who took obvious glee in pointing out how terrible everyone else's security is.

The group made heavy use of social media, and in particular Twitter, to spread news of the dumps and mock victims. However, according to the affidavit, Boggs allegedly connected to one of the implicated Twitter accounts (@GenuinelySpooky) from an IP address registered to his father, with whom Boggs lived.

Much the same mistake led to Liverman’s identification: an IP address used to access the Twitter handle @_D3F4ULT and another account during the relevant time period was registered to an Edith Liverman. According to the affidavit, publicly available information revealed that Justin Liverman lived with Edith at the time.

The affidavit also includes several sets of Twitter direct messages between members of the group.

Also uncovered during the investigation were stored chat logs and screen recordings of the hackers in action.

Possibly of use in connecting the dots for the FBI was one of the accused's (supposed) participation in the Pentagon's bug bounty program -- something he would have had to sign up for using verifiable information.

Justin Liverman, who goes by the handle “D3F4ULT,” according to a press release by the US Attorney's Office for the Eastern District of Virginia, states on his LinkedIn page that he participated in the HackThePentagon program.

Or not...

HackerOne would not confirm or deny whether Liverman participated in its HackThePentagon program. However, requirements for gaining clearance to submit to the bounty were lax. To qualify, hackers had to be US persons and couldn’t appear on the US Treasury Department’s Specially Designated Nationals list of people and organizations engaged in terrorism, drug trafficking and other crimes, according to a Department of Defense press release.

Tough to verify when the person in question spent nearly as much time shit-posting as hacking. All in all, CWA seemed to be a fun, if not overly cautious, bunch that truly enjoyed worming their way into the inner computing spaces of high-ranking government officials.

However, this does not mean the group was mostly harmless. The affidavit shows the arrestees allegedly engaged in nastier activities as well.

Liverman also allegedly used a phone number linked to the @_D3F4ULT account to call one of the unnamed victims, and even recorded himself paying for a phone-bombing service to bombard the target’s device with calls.

The affidavit contains one of the hackers stating another sent a victim's phone "720 voicemail threats and like a thousand goatse sms image messages."

Also from the affidavit, a little IM action about calling in a bomb threat at a local law enforcement office.

Meanwhile, those remaining are claiming two things: that there are more hackers still on the loose, and that the FBI has the wrong guy… in all senses of the word.

Zoom claimed to have been raided earlier this year, but said he hasn't been arrested or charged yet. The hacker also claimed that the FBI got the wrong person in arresting Boggs, because Incursio was actually a woman.

“It's not like this isn't the first time the FBI has been confused,” Zoom said.

If nothing else, the CWA hackings proved government agencies like the DHS and FBI must not be able to hear themselves talk when they demand more data on Americans, despite not being able to secure the information they already have from 16-year-old hackers who go by the name of "penis" on Twitter. Their efforts also made it clear that most cell phone service providers' authentication processes have miles to go before they even approach "competent."

Filed Under: andrew boggs, cia, crackas with attitude, email, hacking, jon brennan, justin liverman


Reader Comments

  • That Anonymous Coward, 13 Sep 2016 @ 11:58am

    I await the charges being piled into the stratosphere, to make sure no one else would dare do this. And then they will go back to how they've always done things, secure that threats of a lifetime in jail will keep someone from making them look like fools again.

    Even after this, anyone want to bet that these same holes exist? There might be a secret word required now, but how hard is it to get the dog's name?

    Security through obscurity not working?
    Try security through insane sentencing minimums.


  • Anonymous Coward, 13 Sep 2016 @ 11:59am

    One of the hackers, Boggs, LITERALLY lived in his parents' basement.

    Good luck living that one down.


  • Ninja, 13 Sep 2016 @ 12:09pm

    “It's not like this isn't the first time the FBI has been confused,” Zoom said.

    Sadly. They've been producing all sorts of pseudo-terrorists for a while now. So I'd say "It's not unusual to see the FBI completely confused."


  • Anonymous Coward, 13 Sep 2016 @ 12:26pm

    Sooo, if two idiot kids, still living at home, can do all this, how much access can we assume Russia, China, et al. have to US Government accounts and services?


    • Roger Strong, 13 Sep 2016 @ 12:35pm

      Re:

      "All this?" It was an AOL account, not a secure FBI data center.

      Relevant XKCD


      • Anonymous Coward, 13 Sep 2016 @ 12:46pm

        Re: Re:

        But isn't that where they carry out all the business that they do not want to risk being revealed by a FOIA request?


        • Roger Strong, 13 Sep 2016 @ 1:06pm

          Re: Re: Re:

          Unlikely. With a private server when you delete an email you can ensure that it *stays* deleted. With AOL not only are they probably keeping backups, but their "marketing partners" may have copies.

          To be thorough you do like some in Congress: Declare that you "don't use email." Then communicate through an aide's email account. Preferably on a private server.


    • Uriel-238, 13 Sep 2016 @ 12:40pm

      Meddling kids

      One wonders if the Russian and Chinese cyberdivs have lists of US haxxorz they can pin their own deeds on by leaving signature footprints.


  • Roger Strong, 13 Sep 2016 @ 12:31pm

    Nothing Changes

    I remember a young hacker being interviewed 30+ years ago....

    Q: When did you first realize that what you were doing could get you in serious trouble?

    A: That would be when the FBI knocked on our door.


  • Uriel-238, 13 Sep 2016 @ 12:36pm

    "US Treasury Department’s Specially Designated Nationals list of people and organizations engaged in terrorism, drug trafficking and other crimes"

    One list to rule them all
    One list to find them
    One list to bring them all
    And in the darkness bind them


  • Michael, 13 Sep 2016 @ 12:50pm

    The director of the CIA cannot get a better email service than AOL?


  • Anonymous Coward, 13 Sep 2016 @ 1:33pm

    US Treasury Department’s Specially Designated Nationals list of people and organizations engaged in terrorism, drug trafficking and other crimes

    In what universe is this list the responsibility of the treasury department?


  • Anonymous Coward, 13 Sep 2016 @ 1:35pm

    despite not being able to secure the information they already have from 16-year-old hackers who go by the name of "penis" on Twitter.

    Every 16 year old knows that if you can't beat them, drag them down to your level and beat them with experience. Or in the case of the FBI, with swat teams and armored vehicles.


  • Jeremy2020, 13 Sep 2016 @ 2:25pm

    I wouldn't be surprised if these guys ended up having nothing to do with it


  • Anonymous Coward, 13 Sep 2016 @ 2:33pm

    Opsec fails make for good reading.


  • Padpaw, 13 Sep 2016 @ 7:00pm

    So we only have the FBI's word on all this then? Considering how much they have been exposed to lie consistently when it benefits them, I have some doubts on whether or not they just picked a few random people known for being associated with the hacking community and decided to pick them as the masterminds.


  • Croaker Jianghu, 14 Sep 2016 @ 12:19am

    Re: Twitter is as leaky as Karl ROVES ass

    Note in these filings the prominent use of Twitter, and DM's as 'evidence?

    Cuz Twitter has coders and InfraGard working the "back channel" and every time they pull off an exploit and pass the data to .mil or DHS or FBI, they perform cleanup operations.

    It circumvents the warrant requirement/due process completely.

    Wanna see how? #backchannel #cleanuprequest 'back channel cleanup request'
