WikiLeaks has released documents it said had been collected from CIA director John Brennan’s personal AOL account, the first in what the group said would be a series of publications.
The personal email account of the US’s top spy was compromised by hackers who claimed to be high school students. Those hackers had threatened on Twitter to release the same documents.
The embarrassing leaks include a questionnaire for the official’s security clearance marked: “Review copy – Do not retain.” Other documents included an early version of the Limitations on Interrogations Techniques Act of 2008, a bill defining the limits of interrogation methods. Also released was a letter from Missouri Republican senator Christopher Bond, then a member of the Senate select committee on intelligence. All the documents in the WikiLeaks cache are from 2008 and before. Brennan assumed office in 2013.
The hack is an embarrassment not just for Brennan and for the CIA, but also for AOL and parent company Verizon. The sensitivity of the material in the account notwithstanding, the hackers have said that they were able to obtain a Verizon employee ID number and, with that, the last four digits of Brennan’s credit card on file, which was all that was needed to reset the email password for the US’s top intelligence official.
The leak arrived one day before former US secretary of state Hillary Clinton was scheduled to testify about her own personal email accounts before a congressional panel established to investigate the attack on the US consulate in Benghazi, Libya, but has grown increasingly focused on the vulnerability of government information on her communications.
The people behind the breach, who call themselves CWA (Crackas With Attitude), said they had breached Brennan’s account and followed up with screenshots containing social security numbers, cellphone numbers and email addresses. The cell numbers and email addresses appeared to be genuine. Authorities told that Brennan’s account did not contain any classified information.
Multiple Twitter accounts associated with CWA have been deleted or suspended. Another account, used by a member calling him or herself PHPhax, is still live, but has not been active for 13 hours after a near-constant stream of information, teasers about the kind of data in the account and jokes about how the account’s user would soon be “v&” (“vanned”) – taken away in a van. His last tweet was: “What are those flashing lights.”
One hacker claimed to be “American high school student who is not Muslim and was motivated by opposition to US foreign policy and support for Palestine”. The Twitter timeline for PHPhax includes many references to the UK. It’s not clear which members of CWA are using any of the accounts at a given time.