US investigating report email account linked to CIA director hacked – CNN
While much of the controversy over Clinton’s email use stems from the fact that she used the account for work purposes — there has also been concern about officials using personal email for non-government purposes but on company computers.
The problem is that private email addresses make easy targets.
Johnson apologized over the summer for getting a waiver to use personal email on government computers at the Department of Homeland Security — the civilian agency tasked largely with leading the federal government’s cybersecurity efforts. He called it a “whoops” moment and extended an existing ban to cover top officials who had sought waivers for their email access.
The concern with personal email is that it can be relatively easy for hackers to target and exists outside the protections on .gov email addresses managed by the government.
In fact, the hacker told The New York Post that he used a stunningly simple tactic to allegedly hack Brennan’s account.
The process, called “social engineering,” involves collecting information on a person that is publicly available and using it to personalize an attack on their accounts. In this case, the alleged hacker told the Post he tricked Verizon employees into giving him Brennan’s information and got AOL to reset his password, presumably sending the reset to the hacker.
The tactic, taking advantage of call centers, has been documented by several in the security community as a relatively easy and dangerous hacking technique.
In another form of social engineering, a hacker in 2008 broke into the email account of former vice presidential candidate Sarah Palin by answering her simple security questions, including her birthday and zip code.
And there are other ways personal email addresses can be a risk, including malicious software spread by links in unsophisticated spam.
Though in this case it doesn’t appear any classified information was housed on the officials’ accounts, the hacker claims to have accessed Brennan’s 47-page application for his security clearance, which includes countless personal details, and to have accessed Johnson’s billing page and voicemails.
The hacker told the Post he was a high school student who is critical of U.S. foreign policy and a supporter of Palestine.