Data Breach , Data Loss

UK Police Arrest Suspect Over CIA Director's Email Hack

Teenager Accused of Dumping FBI Data, Pranking White House Officials
UK Police Arrest Suspect Over CIA Director's Email Hack

Police in the United Kingdom have arrested a teenager on suspicion of having perpetrated a series of high-profile hack attacks, pranks and data breaches using the names "Cracka" and "DotGovs," against senior White House officials, as well as CIA Director John Brennan.

See Also: Rethinking Endpoint Security

England's South East Regional Organized Crime Unit, SEROCU, confirmed that a hacking-related arrest occurred on Feb. 9. "SEROCU can confirm we have arrested a 15-year-old boy on Tuesday in the East Midlands, on suspicion of conspiracy to commit unauthorized access to computer material, ... conspiracy to commit unauthorized access with intent to commit further offences ... and conspiracy to commit unauthorized acts with intent to impair, or with recklessness as to impairing operation of a computer," all in violation of the U.K. Computer Misuse Act 1990.

SEROCU was also responsible for the December 2015 arrest of an unnamed man, 21, in connection with its investigation into the hack of Hong Kong toymaker VTech (see VTech Breach Suspect Arrested).

In this case, the arrested teen - who has not been named - is suspected of being "Cracka," CNN first reported. An associate of Cracka's who goes by "Cubed" tells news site Daily Dot that Cracka has been released on "unconditional bail" (see Young Hackers: Jail Time Appropriate?).

Via social media channels, Cracka has previously claimed to be the leader of a group calling itself "Crackas with Attitude." Authorities - as well as multiple security experts - believe Cracka was behind this week's release of contact information for 9,000 U.S. Department of Homeland Security and 20,000 FBI employees' contact information. That dox (or data dump) was previewed by the Twitter accountholder "@DotGovs," who then took credit for the information release (see Dox Files: DHS Probes Information Dump).

On Feb. 9, @DotGovs issued the following tweet: "Anyone got a good lawyer?!?!?" The account has since been suspended by Twitter.

"Cracka's arrest is not surprising, as the embarrassing nature of the actor's successful targeting of top government officials and law enforcement agencies likely prompted a significant amount of law enforcement resources to be devoted to his arrest," says threat-intelligence firm iSight Partners in a research note. "Cracka successfully used social engineering to access personal information from high-level U.S. government officials, among others."

Hacks, Pranks Against U.S. Officials and Agencies

Indeed, CWA also claimed credit for the data dump of CIA Director John Brennan's personal AOL email account last October (see CIA Director's AOL Email Account Reportedly Hacked). Stolen emails were passed to - and released by - WikiLeaks. Cracka said the hacks were in retaliation for U.S. foreign policy, and multiple posts to Cracka-controlled Twitter accounts voiced support for Palestine.

CWA also took credit for the November 2015 data dump of about 2,400 names of federal, local, state and international law enforcement agency employees (see Hackers Claim FBI Information-Sharing Portal Breached). The group's members characterized themselves as "teenage stoners" in multiple interviews, claiming in some to also be U.S. high school students.

In January, CWA claimed to have rerouted U.S. Director of National Intelligence James Clapper's home email, as well as forwarded all telephone calls to his home phone number, to the Free Palestine movement, Motherboard reported. Shortly thereafter, CWA claimed to have pulled a similar stunt with President Barack Obama's senior advisor on science and technology, John Holdren.

The teenager who's been accused of being "Cracka" told Motherboard Feb. 10 - before his arrest was publicly announced - that after being arrested, he refused to answer police questions and was released after being held for seven hours, although police had retained his electronic devices for analysis. "I got ... v&," Cracka told Motherboard; "v&" is slang for getting "vanned," or arrested. The teenager also disputed that he was Cracka, adding: "They're trying to ruin my life."


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network