Date: 2018-01-27
A 15-Year-Old Convinced Verizon He Was the Head of the CIA (newsweek.com)
schwit1 shares an interesting story. Newsweek reports: A British teenager managed to obtain access to sensitive U.S. plans about intelligence operations in different Middle East countries by acting as former CIA Director John Brennan, a court heard on Friday. Kane Gamble, 18, researched Brennan and used the information he gathered to speak to an internet company and persuade call handlers to give him access to the spy chief's email inbox in 2015. He pretended to be both a Verizon employee and Brennan to access Brennan's internet account.
Astonishingly, Gamble managed to gain access to Brennan's emails and his address book, as well as his iCloud storage. He even managed to remotely access the iPad of Brennan's wife... Gamble, aged 15 at the time, also persuaded a helpdesk at the FBI that he was the then deputy director Mark Giuliano... In October 2017, Gamble pleaded guilty to 10 charges, including eight charges of "performing a function with intent to secure unauthorized access" to the computers and two of "unauthorized modification of computer material."
Not only I.T. but most categories.
Government workers are often chosen due to aspects unrelated to ability.
We shouldn't expect much from them.
Unlike private businesses, where employees are chosen purely on merit.
https://pbs.twimg.com/media/Cy... [twimg.com]
And he likes to call them all, "Donald".
You're welcome. I live to serve.
Most organizations are, public or private. Give the executives and marketers pretty eye-candy and they are happy. The rest is second fiddle.
The question is, is any organization actually competent with IT?
The easy answer is yes.
Yesterday I had a mandatory 'internet security' training.
The trainer is a 'high guy' in the security department/IT department.
He claimed a 'reply-to' tag/field is added to a received email when 'the mail server' recognizes that the real address from where the email came is not the same as in the 'from field'.
And then again, if 'from' and 'reply-to' do not match, the mail is flagged as spam or suspicious.
The problem is even bad operations get some things right.
Mandatory meetings regarding "reply to" and "from" don't necessarily do squat. Even when they do help, it only helps to contain the damage. An organization is only as strong or as competent as its weakest link.
Isn't this about Verizon failing, not the gov?
The USA government types are incompetent with IT.
Isn't this about Verizon failing, not the gov?
The Slashdot reader types are incompetent with reading.
"Isn't this about Verizon failing, not the gov?"
Largely. However in a perfect world Brennan's Verizon accounts would contain nothing but emails to his family and friends, ecommerce orders and confirmations, and the usual spam. All his government traffic would be from his .gov account and even that would only contain unclassified material. Classified stuff goes by other means.
Got all that?
Think it works?
Mainstream media will give little airtime to this
Yes, they will accord little to no serious air time to this story. Instead, they will promote the so-called [Russian] "collusion", something I have never bought.
But that aside, isn't this rather embarrassing?
Yes, it's rather embarrassing this is being posted now 4 months after his trial [bbc.com] and 2 weeks after his sentencing [bbc.com] as reported by the mainstream media [bbc.com].
Yes, they will accord little to no serious air time to this story. Instead, they will promote the so-called [Russian] "collusion", something I have never bought.
Of course, why wouldn't they? One issue will have an effect on a tiny group of people over their lifetimes while the other issue has the potential to impact just about every person on the planet. Also, even if you don't believe it, you should see this how the president does, "think of the ratings!"
Yes, they will accord little to no serious air time to this story
Good job denying reality. It's on literally every mainstream media site.
Good job denying reality. It's on literally every mainstream media site.
You have grave comprehension skills, don't you?
You will benefit from a class in the art of English comprehension. To this end, you could perhaps explore availing yourself of some of these classes. You will not lose.
The keyword in my statement is *air time* - meaning coverage on the airwaves. Not snippets of the topic on websites that not so many visit.
yup, Trump had nothing to do with Russia ever.. except maybe..
2008 Trump "Russians make up a pretty disproportionate cross-section of a lot of our assets. We see a lot of money pouring in from Russia" http://time.com/4433880/donald... [time.com]
2013 Trump appears in a music video by the son of Aras Agalarov https://www.youtube.com/watch?... [youtube.com]
2014-2015 - Starting in 2014, Trump oddly Tweeted Nine Times to Deleted Russian Twitter Accounts About Running for President. https://www.pastemagazine.com/... [pastemagazine.com]
11/23/2014 - "@r
No zero-day reward?
No zero-day reward?
Stupidity is its own reward. The gift that keeps on giving until you win a Darwin award.
They need to give him a JOB
Waste of talent in prison
He has a future in politics
Waste of talent in prison
Social engineering isn't talent. It's just being smooth and convincing when talking to people. This feat, while not insignificant, isn't really all that newsworthy. From the perspective of a network attack, he simply went for the weakest link: The Humans.
Also, just because he was clever and broke into places he shouldn't be doesn't make him some kind of hero or genius. It's not like he used this talent to acquire something useful to ALL of us, like say, for example, Edward Snowden did. A con man (star
He is a hero in the sense he pointed out major flaws in how Verizon handles security and in how the CIA director handles security (iCloud, really?). All companies and governments (can) learn big lessons from this that are worth as much as sending 10000 people to a security course.
Right.
And it was taking advantage of the fact that, generally, big shots in the government and industry don't like to go through the normal channels us plebes would have to. John Brennan or Mark Giuliano's iPad can't connect? They call the help desk and expect a fix Right Now! Ask them for some sort of identity verification and you'll risk getting on some TLA's shit list. So you reset their password or do whatever they ask for.
The FBI is particularly susceptible to social engineering attacks. To the point
FTFY
Sperg out if they don't get what they want? Yeah.
So many mistakes, on so many levels...
The Verizon and other employees and their supervisors who create their service policies don't face charges, so no, nothing will probably happen for a long time. Only when people start dying, something will happen eventually when the body count is high enough for the pattern to be noticed.
secret information on non-secure devices?
Is this implying that the CIA director keeps secret information on things like iPads and non-secure cloud storage????
This student got access to the CIA Director’s accounts and certain devices, not those of the FBI Director.
Additionally the summary says he “also persuaded a helpdesk at the FBI that he was the then deputy director Mark Giuliano”, but doesn’t say he accomplished anything with that.
May well be true, but then there isn't that much to the story.
So this means...
If this: "military operations and intelligence operations in Afghanistan and Iran"
...is the kind of thing that John Brennan keeps on an ISP's servers, instead of secured government systems, then he needs the cell right next to Hillary.
Oh, right. They are our betters. Laws don't apply to them.
Wrong person
15-year-old cons Yahoo or whoever into giving up an email account. Wrong person is going to jail.
Unlikely he'll go to jail, he's a kid and this is the UK. Having said that, strings could get pulled or threats made, it likely depends on what the judge gets up to in his spare time.
the CIA's a funny organization
