Teen Hacker Who Social Engineered His Way Into Top-Level US Government Officials' Accounts Pleads Guilty To Ten Charges
from the barely-post-pubescent-wrecking-crew dept
The teenage hacker who tore CIA director John Brennan a new AOL-hole is awaiting sentencing in the UK. Kane Gamble, the apparent founder of hacker collective Crackas With Attitude, was able to access classified documents Brennan has forwarded to his personal email account by posing as a Verizon tech. Social engineering is still the best hacking tool. It’s something anyone anywhere can do. If you do it well, a whole host of supposedly-secured information can be had, thanks to multiple entities relying on the same personal identifiers to “verify” the social engineer they’re talking to is the person who owns accounts they’re granting access to.
Despite claiming he was motivated by American injustices perpetrated around the world (Palestine is namechecked in the teen’s multiple mini-manifestos), a lot of what Gamble participated in was plain, old fashioned harassment.
Gamble taunted his victims online, released personal information, bombarded them with calls and messages, downloaded pornography onto their computers and took control of their iPads and TV screens, a court heard.
This might be chalked up to Gamble’s youth or his supposed residence on the autism spectrum. But that’s not the limit of the chaos caused by his social engineering. He was able to gain access to the FBI’s law enforcement database and DHS boss Jeh Johnson’s voicemail. He apparently dumped a database of FBI 20,000 agents’ personal info and accessed email accounts of deputy national security advisor Avril Haines.
But there were other acts as well, some that resulted in plenty of people fearing for their safety.
He used his access to steal and post online personal details of Officer Darren Wilson who shot and killed black teenager Michael Brown in Ferguson Missouri.
At the same time he harassed the [FBI Deputy Director Mark] Giuliano family and people associated with them and bombarded them with calls, meaning that they were forced to seek protection from the intelligence agencies and an armed guard was placed at their home.
Mr Obama’s senior science and technology adviser John Holdren had his personal accounts hacked and Gamble passed all of his personal details to an accomplice who used them to make hoax calls to the local police claiming that there was a violent incident at Mr Holdren’s house resulting in an armed swat team being deployed.
Gamble has pled guilty to ten counts of criminal computer misuse. He has yet to be sentenced but I can’t imagine it will go well for him. What Gamble did was harmful to many people’s personal security and the harassment of family members of public officials crosses several lines, as does the SWATing. But he did expose plenty of weak leaks in the security protocols deployed by companies like Verizon and the US government itself. The reliance on the same security questions (names of pets, schools, maiden names, etc.) across multiple services often means accessing one will open up access to all of them. Once a primary account is compromised, it can be used to change login and security verification info for accounts reliant on it.
It also exposed how high-ranking government officials made these weak links even weaker. In CIA Director Brennan’s case, the sensitive documents Gamble accessed had been forwarded to an email account maintained by a third party. If Brennan had been more careful with his handling of classified documents — like keeping them in the secured systems they came from — Gamble wouldn’t have been able to view and/or distribute these to people who shouldn’t be seeing them.
Governments make weird enemies. Sometimes they’re teens residing in small council houses in the UK. But the enemies they make can do considerable damage armed with nothing more than a cellphone, a laptop, and an internet connection.