WikiLeaks Posts Data From CIA Director's Email Account

HardOCP News · Oct 21, 2015

If you were hoping for some juicy stuff in the CIA director's emails, you are going to be sorely disappointed. This stuff is a snoozefest. And can we stop calling those kids "hackers" already?

Some of the documents appear to be public domain or at least non-classified, but one document is marked "protected" and "to be disclosed only in accordance with Government Accountability Office protected order." One of the documents purports to be Brennan's draft SF86, a document used to determine a candidate's eligibility to later receive classified material.

Pieter3dnow · Oct 21, 2015

good at guessing password would be the new legal term for it

or badly secured website login password accident

.

westrock2000 · Oct 21, 2015

Why do websites or applications not put in like 2-3 second delays between password entries. Just long enough for a person to read something was incorrect and then type again. But long enough to make brute password cracks unbearable.

The fastest supercomputer in the world should never be able to attempt more then 1 password per second.

Pieter3dnow · Oct 21, 2015

password buffer overflow tends to happen even today and that is something which sounds pretty trivial but it still happens ...

Deleted member 184142 · Oct 21, 2015

To the posts so far....No hacking was done, the kid called support and had them reset passwords based on other social engineering calls he had made to gather information. This is rather easy to do with most phone support, where many places will allow you to just sit there and guess as many times as you like, or even give you hits to what it is until you get it right. The kid did no actual "hacking".

{NG}Fidel · Oct 21, 2015

Hate on the kid but that CIA director is dumb as shit for using AOL.
We cannot continue to allow those types of exceptions.
You work for IBM you get an IBM email, you work for Nordstroms you get a Nordstrom email, but when you head the CIA you use AOL?
You tell me how that makes any sense.

ecktt · Oct 21, 2015

Kevin Mitnick is the most famous cracker of all time but most of it was the same social engineering. So, yes these kids are crackers (a hacker is something completely different unless saying the wrong thing so many times makes it correct).

Retronym · Oct 21, 2015

{NG}Fidel said:
Hate on the kid but that CIA director is dumb as shit for using AOL.
We cannot continue to allow those types of exceptions.
You work for IBM you get an IBM email, you work for Nordstroms you get a Nordstrom email, but when you head the CIA you use AOL?
You tell me how that makes any sense.

People assume we are finding these super cyborg smart people into top government positions. We aren't. They are just people. The fairy tale is an easier pill to swallow due to their narrative that they have the right to rule us.

DarkStar02 · Oct 21, 2015

westrock2000 said:
Why do websites or applications not put in like 2-3 second delays between password entries. Just long enough for a person to read something was incorrect and then type again. But long enough to make brute password cracks unbearable.

The fastest supercomputer in the world should never be able to attempt more then 1 password per second.

A lot do, or ban ip addresses after so many attempts. The problem is they can then just rotate through proxies and/or utilize a cloud computing service like Amazon Web Services.

DarkStar02 · Oct 21, 2015

ecktt said:
Kevin Mitnick is the most famous cracker of all time but most of it was the same social engineering. So, yes these kids are crackers (a hacker is something completely different unless saying the wrong thing so many times makes it correct).

Social engineering is hacking, not cracking...

krotch · Oct 21, 2015

{NG}Fidel said:
Hate on the kid but that CIA director is dumb as shit for using AOL.
We cannot continue to allow those types of exceptions.
You work for IBM you get an IBM email, you work for Nordstroms you get a Nordstrom email, but when you head the CIA you use AOL?
You tell me how that makes any sense.

They do get a separate email. It's just some of them like using their old emails, so they well...keep using them.

I have a government email, but I also have my personal email. I'm not stupid enough to have any work related emails on my personal email though.

Bandalo · Oct 22, 2015

{NG}Fidel said:
Hate on the kid but that CIA director is dumb as shit for using AOL.
We cannot continue to allow those types of exceptions.
You work for IBM you get an IBM email, you work for Nordstroms you get a Nordstrom email, but when you head the CIA you use AOL?
You tell me how that makes any sense.

The director HAD a CIA@gov account I'm sure, and probably plenty of other official e-mail accounts.

He also has a personal e-mail account, just like almost every other government employee. There are no regulations anywhere about what personal e-mail service a government employee is required or allowed to use. They can pick AOL, Gmail, Apple, whatever they want for their PERSONAL account.

The problem here is he was putting some work-related items on his personal account instead of his work account.

mullet · Oct 22, 2015

Head if the CIA are you Fing kidding me. If you have a job that high up n the government I would find a company with kickass security and get my private email through them not a damn gmail,yahoo. Good grief.

Gigus Fire · Oct 22, 2015

DarkStar02 said:
Social engineering is hacking, not cracking...

Social engineering is neither hacking nor cracking.
Hacking = whittling a piece of wood or using a technical exploit in software or hardware to do something unintended. Ex: creating a piece of software which performs a android root after doing a buffer overflow is an example of hacking.
Cracking = working with cryptology/codes to figure out something. Figuring out some password that's been encrypted through some smart means (not brute force) is considered cracking. Figuring out the private key of the wiiu is considered cracking.
Social engineering = pretending to be someone else in order to trick people. It's also called fraud. There doesn't have to be any sort of technical prowess. Ex: calling up someone pretending to be someone else for a password reset is the same as calling up someone and trying to sell them junk bonds as an investment.

iDShaDoW · Oct 22, 2015

Hypergreatthing said:
Social engineering is neither hacking nor cracking.

Actually, social engineering IS hacking.

It's a method of circumventing security to gain access to something.

In this particular case, the kid used what is usually the weakest link - people.

Gigus Fire · Oct 22, 2015

iDShaDoW said:
Actually, social engineering IS hacking.

It's a method of circumventing security to gain access to something.

In this particular case, the kid used what is usually the weakest link - people.

Using your definition, someone breaking and entering is hacking since a window and a door are security to a building.
It starts getting stupid really fast.

krotch · Oct 22, 2015

Ya, social engineering is hacking. According to Security+ or well, any security certification.

Ski · Oct 22, 2015

ITT: Everyone's arguing about semantics.

erexx · Oct 22, 2015

"And can we stop calling those kids "hackers" already?"
Thank you!

erexx · Oct 22, 2015

krotch said:
Ya, social engineering is hacking. According to Security+ or well, any security certification.

When CompTIA A+ started calling a DSL Router a Modem that game was over.

WikiLeaks Posts Data From CIA Director's Email Account

[H] News

Supreme [H]ardness

[H]F Junkie

Supreme [H]ardness

Deleted member 184142

Guest

Supreme [H]ardness

Limp Gawd

[H]F Junkie

2[H]4U

2[H]4U

Supreme [H]ardness

2[H]4U

[H]ard|Gawd

2[H]4U

Limp Gawd

2[H]4U

Supreme [H]ardness

[H]ard|Gawd

Limp Gawd

Limp Gawd