An anonymous hacker has contacted the New York Post to explain how he was able to hack into the CIA Director’s AOL email account. According to several reports, a high school student and his two friends implemented social engineering to obtain credentials to hack into the personal account.
How did they do it? According to the hacker, he and his friends completed a reverse lookup of the Director’s cell phone number to determine which telecommunications provider he used. Then they called that provider, saying they worked for the provider and were working with a customer they couldn’t assist because they couldn’t access the company database as it was down. They provided a fake Vcode and were then provided with the Director’s account number, four-digit PIN, the backup mobile number on the account, his email address and the last four digits of his bank card.
Armed with that information, the hackers called AOL and complained that they were locked out of their account. Typical security questions were asked such as the last four digits of the bank card, and they were able to reset the password. They obtained access to the account and read emails, including emails the Director sent to his personal account from his government account.
While in his account for three days, they report that they were able to obtain a portion of his contact list, a spreadsheet listing the names and Social Security numbers of some US intelligence officials, his own application for top-secret security clearance, and a letter regarding interrogation techniques. The hackers posted redacted pages of the documents on Twitter.
The account has been disabled and the FBI and other agencies are investigating.