TEENAGED HACKERS TAKE US INTELLIGENCE TO SCHOOL

“Intelligence” is a very subjective concept often associated with age, wisdom, and (of course) powerful government jobs. But over the past 5 months starting on October 19, 2015 a group of teenaged hackers called “Crackas With Attitude”(or CWA) proved that you don’t need any of that to beat the nations’ best at intelligence gathering.

CWA directed their first attack at CIA director John Brennan’s personal AOL email account. Amazingly, the CWA even bragged that hacking Brennan was “not hard at all,” and that “[i]t was basically just a walk through.” But Cubed – a member of the CWA – told Lorenzo Franceschi-Bicchierai of Motherboard that the hack was supposed to embarrass Brennan, not punish him. This is because “[Brennan] is meant to be a leader of some big secure company but has been doxed and hacked by a bunch of high school students.”

Although this first hack remains unconfirmed, their next hack was pretty hard to deny or ignore.

Less than a month later on November 5th, a CWA with the alias “Cracka” (later revealed to be the group’s leader) released a list of nearly 2400 names, emails, and phone numbers. All of which supposedly belonged to members of the local and federal law enforcement agencies, as well as intelligence and military agencies. At this time, the CWA also claimed to have “a lot more names,” that are “[t]oo many to count” still waiting to be released online if things didn’t proceed the way they wanted. Oddly and unfortunately, however, the CWA has never once clearly explained their motivations for these attacks.

Cracka gave probably the ‘best’ explanation when he said: “I did it […] [because] I just wanted the gov to know people aren’t f*****g around, people know what they're doing and people don’t agree #FreePalestine.”

A free Palestine and a more transparent and trustworthy government are excellent goals that I too hope come to pass soon. Still, it’s not clear yet what exactly the CWA are demanding the US government do to appease their wrath and stop further attacks.   

Franceschi-Bicchierai had Michael Adams – an information security professional who worked more than 2 decades in the US Special Operations Command – examine the data. Adams discovered the alarming likelihood that some of the people on the list’s cover had been blown. Possibly even more worrying though is Adams’ warning that this powerfully dangerous list could make it into the wrong hands like a hostile foreign government.

Being outed in this way could be catastrophic for not only officers’ cases and careers, but also potentially their lives. This is why Franceschi-Bicchierai says this hack is, “more serious than a random data dump.” Indeed, Adams said “[t]hey’re busting covers left and right and they don’t know it. I don’t think they have a f*****g clue what they have.”

Whether the CWA know what they’re doing or not, on November 12th Cracka was back on the job again. Franceschi-Bicchierai said, 

“One of the group’s hackers, who’s known as ‘Cracka,’ contacted me on Monday, claiming to have broken into a series of accounts connected to [Director of National Intelligence James] Clapper, including his home telephone and internet, his personal email, and his wife’s Yahoo email. While in control of Clapper’s Verizon FiOS account, Cracka claimed to have changed the settings so that every call to his house number would get forwarded to the Free Palestine Movement.”

And on January 18th, 2016 another CWA who’s alias is Fearz (or @fearhax) did pretty much the exact same thing to John Holdren, President Barack Obama’s senior adviser of science and technology.

Exactly a month before that, however, on November18th the FBI’s Internet Crime Complaint Center (IC3) issued this clearly ineffective alert:

“The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risko f cyber attacks. In addition to doxing (the act of gathering and publishing individuals' personal information without permission), threat actors have been observed compromising the email accounts of officers and officials. These target groups should protect their online presence and exposure.”

While the alert never specifically names CWA or any of its individual members, its proximate timing to these attacks – not to mention the types of attacks mentioned – match those they’ve been alleged to have committed.

Obviously the alert was not enough to protect government employees from further CWA cyber-attacks. In addition to the January 18th attack, Cracka dumped a list of9,000 Department of Homeland Security employees immediately after the game on Super Bowl Sunday (Feb 7). Less than 24 hours later he also published a list of more than 20,000 FBI agents.

Peter Carr, spokesperson from the Department of Justice, explained to Motherboard that, “[t]his unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information.” This comment seems odd given that we know that even names and positions can be considered ‘sensitive information’ if the person works in intelligence (especially if undercover).

While this story is still ongoing, it’s currently at a standoff since UK police arrested Cracka (who is apparently a mere 16-years-old). The remaining members of the CWA are enraged by Cracka's arrest and have allegedly vowed to up their attack efforts until either their apparent leader is freed or they are all captured.