Skip to content

Menu

Robinson & Cole LLP logo
About UsOur PracticeContactTopics
Search
Close
Subscribe

Data Privacy + Cybersecurity Insider

Leveraging Knowledge to Manage Your Data Risks

CIA Director’s email account hacked

By Linn Foster Freedman on October 22, 2015
Posted in Data Breach

An anonymous hacker has contacted the New York Post to explain how he was able to hack into the CIA Director’s AOL email account. According to several reports, a high school student and his two friends implemented social engineering to obtain credentials to hack into the personal account.

How did they do it? According to the hacker, he and his friends completed a reverse lookup of the Director’s cell phone number to determine which telecommunications provider he used. Then they called that provider, saying they worked for the provider and were working with a customer they couldn’t assist because they couldn’t access the company database as it was down. They provided a fake Vcode and were then provided with the Director’s account number, four-digit PIN, the backup mobile number on the account, his email address and the last four digits of his bank card.

Armed with that information, the hackers called AOL and complained that they were locked out of their account. Typical security questions were asked such as the last four digits of the bank card, and they were able to reset the password. They obtained access to the account and read emails, including emails the Director sent to his personal account from his government account.

While in his account for three days, they report that they were able to obtain a portion of his contact list, a spreadsheet listing the names and Social Security numbers of some US intelligence officials, his own application for top-secret security clearance, and a letter regarding interrogation techniques. The hackers posted redacted pages of the documents on Twitter.

The account has been disabled and the FBI and other agencies are investigating.

Tags: AOL email, CIA Director, hacker, social engineering
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Read more about Linn Foster Freedman
Show more Show less
Related Posts
State Bar of Georgia Reveals Security Incident to Employees and Members
October 13, 2022
ParkMobile Can’t Escape Data Breach Class Action
August 25, 2022
Neopets Breach Affects 69M Users
July 28, 2022
Follow us on Twitter Follow us on Twitter
Follow Us on Facebook Follow Us on Facebook
View Our Linkedin Profile View Our Linkedin Profile

Data Privacy + Cybersecurity Insider

Our Authors
Robinson & Cole LLP logo
Connecticut•Massachusetts•New York•Washington DC•Rhode Island•Florida•California•Delaware•Pennsylvania
Follow us on Twitter Follow Us on Facebook View Our Linkedin Profile RSS
Privacy PolicyTerms of UseCalifornia Privacy Rights Notice
  • Home
  • Subscribe
  • Our Practice
  • Contact

Robinson+Cole is a law firm serving regional, national and global clients from nine offices throughout the Northeast. Our Data Privacy + Security Team brings together lawyers from the firm’s Intellectual Property and Technology, Commercial Litigation, and E-Commerce Groups.

Read More...

Topics

Archives

Copyright © 2023, Robinson & Cole LLP. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo

Please note that as of January 1, 2023 our Privacy Policy has changed. Click here for details on our new terms.

OK