A 15-Year-Old Convinced Verizon He Was the Head of the CIA (newsweek.com)
schwit1 shares an interesting story. Newsweek reports:
A British teenager managed to obtain access to sensitive U.S. plans about intelligence operations in different Middle East countries by acting as former CIA Director John Brennan, a court heard on Friday. Kane Gamble, 18, researched Brennan and used the information he gathered to speak to an internet company and persuade call handlers to give him access to the spy chief's email inbox in 2015. He pretended to be both a Verizon employee and Brennan to access Brennan's internet account.
Astonishingly, Gamble managed to gain access to Brennan's emails and his addressbook, as well as his iCloud storage. He even managed to remotely access the iPad of Brennan's wife... Gamble, aged 15 at the time, also persuaded a helpdesk at the FBI that he was the then deputy director Mark Giuliano... In October 2017, Gamble pleaded guilty to 10 charges, including eight charges of "performing a function with intent to secure unauthorized access" to the computers and two of "unauthorized modification of computer material."
Re: (Score:3, Insightful)
Not only I.T. but most categories.
Government workers are often chosen due to aspects unrelated to ability.
We shouldn't expect much from them.
Re:Good (Score:5, Funny)
Unlike private businesses, where employees are chosen purely on merit.
https://pbs.twimg.com/media/Cy... [twimg.com]
Re: (Score:1)
There's a limit to how sucky a company in the private sector can be. Eventually, no amount of marketing and unthinking brand loyalty (what a delightfully awful term, "brand loyalty") can keep the company going. Hiring people for their connections rather than their abilities hastens the decline. (If it doesn't, they weren't really the wrong people, now were they?)
But Amtrak and the Post Office and unaccredited school districts just keep chugging along, funded by taxpayers.
The limit there is how much the
Re: (Score:2)
Not really. Not with our corporate bankruptcy laws. There's even a doctrine in the corporate world called, "falling upward".
Re: (Score:3, Funny)
And he likes to call them all, "Donald".
Re: (Score:2)
You're welcome. I live to serve.
Re: (Score:1)
Re: Good (Score:1)
I try not to feed the trolls, but-
"Gamble, aged 15 at the time, also persuaded a helpdesk at the FBI that he was the then deputy director Mark Giuliano"
Sounds like the government to me.
Re: (Score:1)
Most organizations are, public or private. Give the executives and marketers pretty eye-candy and they are happy. The rest is second fiddle.
Re: (Score:3)
The question is, is any organization actually competent with IT?
Re: (Score:3)
The easy answer is yes.
Yesterday I had a mandatory 'internet security' training.
The trainer is a 'high guy' in the security department/IT department.
He claimed a 'reply-to' tag/field is added to a received email when 'the mail server' recognizes that the real address from where the email came is not the same as in the 'from field'.
And then again, if 'from' and 'reply-to' do not match, the mail is flagged as spam or suspicious.
Re: (Score:2)
The problem is even bad operations get some things right.
Re: Good (Score:2)
Mandatory meetings regarding "reply to" and "from" don't necessarily do squat. Even when they do help, it only helps to contain the damage. An organization is only as strong or as competent as its weakest link.
Re: (Score:1)
Isn't this about Verizon failing, not the gov?
Re: (Score:3)
The USA government types are incompetent with IT.
Isn't this about Verizon failing, not the gov?
The Slashdot reader types are incompetent with reading.
Re:Good (Score:4, Insightful)
"Isn't this about Verizon failing, not the gov?"
Largely. However in a perfect world Brennan's Verizon accounts would contain nothing but emails to his family and friends, ecommerce orders and confirmations, and the usual spam. All his government traffic would be from his .gov account and even that would only contain unclassified material. Classified stuff goes by other means.
Got all that?
Think it works?
Re: (Score:1)
No idea, I only read the summaries, but it doesn't sound like his gov business was in his Verizon or iCloud account to me.
But that's not really my point.
I read a summary about the failure of Verizon to have even basic security training for its people in charge of resetting passwords, and the first post basically says it's from the culture of lack of accountability in government. I really don't see how the two are related.
Re: (Score:2)
"Isn't this about Verizon failing, not the gov?"
Largely. However in a perfect world Brennan's Verizon accounts would contain nothing but emails to his family and friends, ecommerce orders and confirmations, and the usual spam. All his government traffic would be from his .gov account and even that would only contain unclassified material. Classified stuff goes by other means.
Got all that?
Think it works?
That has nothing to do with government, but with that single incompetent or corrupt individual.
Re: (Score:2)
Part of it has to do with Congress starving budgets. But this kid's only mistake was messing with the FBI. If he'd just done Verizon which btw, is corporate America and has experienced breaches before. When you put people that are art majors in place as your CISO you're gonna get breached.
Mainstream media will give little airtime to this (Score:1, Insightful)
Yes, they will accord little to no serious air time to this story. Instead, they will promote the so called [Russian] "collusion", something I have never bought.
But that aside, isn't this rather embarrassing?
Re: (Score:1)
Yes, it's rather embarrassing this is being posted now 4 months after his trial [bbc.com] and 2 weeks after his sentencing [bbc.com] as reported by the mainstream media [bbc.com].
Re:Mainstream media will give little airtime to th (Score:4)
Yes, they will accord little to no serious air time to this story. Instead, they will promote the so called [Russian] "collusion", something I have never bought.
Of course, why wouldn't they? One issue will have an effect on a tiny group of people over their lifetimes while the other issue has the potential to impact just about every person on the planet. Also, even if you don't believe it, you should see this how the president does, "think of the ratings!"
Re:Mainstream media will give little airtime to th (Score:4, Insightful)
Yes, they will accord little to no serious air time to this story
Good job denying reality. It's on literally every main stream media site.
Re: (Score:1)
Good job denying reality. It's on literally every main stream media site.
You have grave comprehension skills, don't you?
You will benefit from a class in the art of English comprehension. To this end, you could perhaps explore availing yourself to some of these classes. You will not lose.
The keyword in my statement is *air time* - meaning coverage on the airwaves. Not snippets of the topic on websites that not so many visit.
Re: (Score:2)
You will benefit from a class in the art of English comprehension. To this end, you could perhaps explore availing yourself to some of these classes. You will not lose.
Pro tip: writing english good isnt about how many fancy words you use.
The keyword in my statement is *air time*
Eh not my fault that you're unable to make yourself understood. Air time is used to describe amount of coverage, in much the same way we refer to newspapers as "the press" even though even print news papers haven't used actual pres
Re: (Score:2)
yup, Trump had nothing to do with Russia ever.. except maybe..
2008 Trump "Russians make up a pretty disproportionate cross-section of a lot of our assets. We see a lot of money pouring in from Russia" http://time.com/4433880/donald... [time.com]
2013 Trump appears in a music video by the son of Aras Agalarov https://www.youtube.com/watch?... [youtube.com]
2014-2015 - Starting in 2014, Trump oddly Tweeted Nine Times to Deleted Russian Twitter Accounts About Running for President. https://www.pastemagazine.com/... [pastemagazine.com]
11/23/2014 - "@r
Re: (Score:3)
Re: (Score:1)
If you know that AC is a she, you're that AC.
ayy (Score:2)
No zero-day reward?
Re: (Score:2)
No zero-day reward?
Stupidity is its own reward. The gift that keeps on giving until you win a Darwin award.
They need to give him a JOB (Score:3, Insightful)
Waste of talent in prison
Re: (Score:3, Funny)
He has a future in politics
Re: They need to give him a JOB (Score:1)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
cojonas
Female testicles? Would those be ovaries?
I'm not sure if this is better or worse than the other misspelling of "cojones" that I often see, which is "cajones" (meaning "large boxes", usually referring to drawers in dressers and cabinets).
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Waste of talent in prison
Social engineering isn't talent. It's just being smooth and convincing when talking to people. This feat, while not insignificant, isn't really all that newsworthy. From the perspective of a network attack, he simply went for the weakest link: The Humans.
Also, just because he was clever and broke into places he shouldn't be doesn't make him some kind of hero or genius. It's not like he used this talent to acquire something useful to ALL of us, like say, for example, Edward Snowden did. A con man (star
Re: (Score:2)
He is a hero in the sense he pointed out major flaws in how Verizon handles security and in how the CIA director handles security (iCloud, really?). All companies and governments (can) learn big lessons from this that are worth as much as sending 10000 people to a security course.
Re: (Score:2)
Right.
And it was taking advantage of the fact that, generally, big shots in the government and industry don't like to go through the normal channels us plebes would have to. John Brennan or Mark Giuliano's iPad can't connect? They call the help desk and expect a fix Right Now! Ask them for some sort of identity verification and you'll risk getting on some TLA's shit list. So you reset their password or do whatever they ask for.
The FBI is particularly susceptible to social engineering attacks. To the point
Re: (Score:2)
FTFY
Re: (Score:2)
Sperg out if they don't get what they want? Yeah.
So many mistakes, on so many levels... (Score:3)
Re: (Score:1)
The Verizon and other employees and their supervisors who create their service policies don't face charges, so no, nothing will probably happen for a long time. Only when people start dying, something will happen eventually when the body count is high enough for the pattern to be noticed.
secret information on non-secure devices? (Score:3)
Is this implying that the CIA director keeps secret information on things like ipads and non-secure cloud storage????
Re: (Score:2)
Re: (Score:3)
This student got access to the CIA Director’s accounts and certain devices, not those of the FBI Director.
Additionally the summary says he “also persuaded a helpdesk at the FBI that he was the then deputy director Mark Giuliano”, but doesn’t say he accomplished anything with that.
Re: (Score:2)
May well be true, but then there isn't that much to the story.
Re: (Score:2)
Is this implying that the CIA director keeps secret information on things like ipads and non-secure cloud storage????
Is this implying you don't realise the number of companies and governments who have approved cloud storage and mobile devices to store secret data?
The iPad part of your comment is especially head-scratching. For all the shit I heap on Apple constantly, failure to offer ways to secure data on devices is not something I criticise them on.
Re: (Score:2)
I don't know if there are any approved cloud storage solutions for classified data. It would surprise me, but it's possible. Most secret data has to be stored on isolated networks. If they exist, I can't imagine that iCloud is one of them. I don't expect Apple to offer a classified data storage solution, it doesn't seem like that fits with their business model. I do expect anyone with access to classified or even sensitive data to keep that data only on secure devices.
A hack of the CIA directors icloud storag
So this means... (Score:5, Insightful)
If this: "military operations and intelligence operations in Afghanistan and Iran" ...is the kind of thing that John Brennan keeps on an ISP's servers, instead of secured government systems, then he needs the cell right next to Hillary.
Oh, right. They are our betters. Laws don't apply to them.
Wrong person (Score:2)
15 year old cons yahoo or whoever into giving up an email account. Wrong person is going to jail.
Re: (Score:2)
Unlikely he'll go to jail, he's a kid and this is the UK. Having said that, strings could get pulled or threats made, it likely depends on what the judge gets up to in his spare time.
IMHO (Score:1)
Not surprising (Score:1, Flamebait)
Given a person with the brain of an 8 year old convinced 46% of voters he is qualified to be president, anything is possible nowadays.
Re: (Score:1)
Re: (Score:3)
Wow, that's a really long post for insisting you believe in magical invisible pink unicorns. What, you don't believe in magical invisible pink unicorns? But you have to! You can't prove they don't exist!
Re: (Score:1)
Re: The Absurdity Of Claiming To Be An Atheist (Score:1)
God damnit! How many times do we have to do this? I swear to god I'm an atheist!
Re: The Absurdity Of Claiming To Be An Atheist (Score:2)
I am both an atheist and the director of the CIA.
Re: (Score:2)
You must have some pretty ugly psychological scars for the batshit crazy to be so strong in you.