
Everything you need to know about the CIA director email hack

October 22, 2015, 9:11 PM UTC

A hacker and his buddies claimed this week to have broken into the personal email account of John Brennan, director of the U.S. Central Intelligence Agency. No mean feat, to be sure. Initially, people were incredulous that a self-identified stoner high school student, according to the New York Post, could have gained unauthorized access to the Aol email account of the nation’s top spy chief.

Then came the leaks. The hacker, appearing on Twitter under the handles @phphax and @_CWA_ (the latter account has since been suspended), posted screenshots of sensitive information for top U.S. officials and others. The leaks included an alleged phone call log of former CIA deputy director Avril Haines, as well as Social Security numbers for more than a dozen U.S. officials, including Secretary of Homeland Security Jeh Johnson, whose Comcast account, the hacker claimed, had also been breached.

The hacker—part of a group that identifies as CWA, or “Crackas With Attitude”—apparently gained access to the account associated with Brennan by masquerading as Verizon (VZ) employees, manipulating workers at the company into divulging Brennan’s information, and then eventually taking control of the account. (Verizon bought Aol for $4.4 billion earlier this year.)

Social engineering, as the scam is known, is a common ruse. (Of course, it’s also possible that the hacker lied, or that it was an inside job; this early on, who knows?)

Although officials have not confirmed whether the account was indeed Brennan’s, comments from a CIA spokesperson—along with the contents of the leaked documents—seem to suggest that it was.

“The hacking of the Brennan family account is a crime and the Brennan family is the victim,” said spokesman Dean Boyd on behalf of the intelligence agency in a statement. “The private electronic holdings of the Brennan family were plundered with malicious intent and are now being distributed across the web. This attack is something that could happen to anyone and should be condemned, not promoted.”

“There is no indication that any of the documents released thus far are classified,” Boyd added, invoking a line of defense that presidential candidate and former Secretary of State Hillary Clinton used after the public learned that she had used a private email server for official state business. (That assertion turned out to be false, in Clinton’s case.) “In fact, they appear to be documents that a private citizen with national security interests and expertise would be expected to possess.”

David Samberg, a Verizon spokesman, told Fortune via email: “Verizon and its operations, including AOL, take the security of customer information very seriously. We are working with law enforcement to actively investigate.”

On Oct. 16, Aol apparently deactivated the account in question after a battle with Brennan over its ownership. The hackers claim to have had access to the account for three days.


By Monday afternoon, the hacking group had begun posting redacted—and eventually non-redacted—versions of their allegedly pilfered documents.


WikiLeaks soon got in on the act, too, vowing to publish the leaked documents “over the coming days.”


As promised, the site rolled out the first leaked files soon after. The documents were a bit underwhelming, truth be told. They included recommendations on U.S. foreign policy pertaining to Iran; a letter from the vice chair of the Senate Select Intelligence Committee on ways to frame the CIA’s harsh interrogation methods as “compliant” and “legal”; a copy of Brennan’s national security background investigation SF-86 Form (which contains his Social Security number, a record of his past addresses, and information on his close family members); and a legal docket involving a dispute between Brennan’s former private firm—The Analysis Corporation—and the CIA. All the documents appear to date back to 2007-2008.

On Thursday, WikiLeaks continued publishing more documents. One file is a report on strategic recommendations for the U.S. in Afghanistan and Pakistan. Another is a concise six-bullet point summary of that document. And the third is a list of email addresses allegedly contained in Brennan’s Aol contact list, which includes more than 100 government email addresses.

Compared to other data leaks this year, the Brennan Files appear to offer peanuts as far as actual revelations or public interest are concerned. The most shocking thing about the leaks so far—aside from the private information, which can be abused by identity thieves and financial fraudsters—is the headlines: Stoner high school student hacks CIA director’s personal email. The contents themselves are pretty mundane.

Follow Robert Hackett on Twitter at @rhhackett. Read his technology and cybersecurity coverage. And subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology, where he writes a weekly column.
