Two charged with hacking CIA chief, DNI, other top officials
Two men from North Carolina were arrested Thursday, charged with being members of the hacking group “Crackas with Attitude,” who last year posted personal data stolen from the home email accounts of top U.S. security officials.
Andrew Otto Boggs, 22, who used the hacker handle “INCURSIO,” and Justin Gray Liverman, 24, who called himself “D3F4ULT,” face conspiracy and other charges “related to their alleged roles in the computer hacking of several senior U.S. government officials and U.S. government computer systems,” the Department of Justice said in a release.
They are expected in court in Virginia next week.
According to the Justice Department, Boggs and Liverman conspired to use “social engineering” hacking techniques, like victim impersonation, to get into the personal email, internet and social media accounts of senior U.S. government officials and their families — as well as a U.S. government computer system: the Justice Department’s Law Enforcement Enterprise Portal.
“In some instances, members of the conspiracy uploaded private information that they obtained from victims’ personal accounts to public websites; made harassing phone calls to victims and their family members; and defaced victims’ social media accounts,” the department states.
In a revelation that might raise questions about bug bounty programs, Liverman claims on his LinkedIn page to have taken part in the crowd-sourced vulnerability hunt called “Hack the Pentagon,” in which security researchers were encouraged to look for security holes in the Department of Defense’s public-facing websites.
Buzzfeed, which first reported the Liverman claim, said the organizers of “Hack the Pentagon” would not confirm or deny his participation.
But the much-touted vetting of the participants appears to have been rudimentary — “Eligible participants must be a U.S. person, and must not be on the U.S. Treasury Department’s Specially Designated Nationals list of people and organizations engaged in terrorism, drug trafficking and other crimes,” according to a Pentagon factsheet.
[Read more: ‘Stoner’ hacker dumps personal data of CIA, DHS chiefs]
Beginning in October last year, “Crackas with Attitude,” in a series of tweets and online postings, published personal documents and data apparently from the private email or Internet accounts of CIA Director John Brennan, Homeland Security Secretary Jeh Johnson and, in January, Director of National Intelligence James Clapper.
In February, the hackers dumped professional contact information for nearly 30,000 FBI and DHS staff — saying it came from the DOJ intranet.
Publishing personal data online is a form of hacker attack known as “Doxing,” and it has been frequently used by hacktivist groups like Anonymous — especially against law enforcement.
“Crackas with Attitude” said at various times that their actions were in protest of U.S. support for the Israeli occupation of the Palestinian Territories.
[Read more: New FBI warning after Brennan doxing]
Following the attacks, the FBI issued warnings to police and intelligence officials.
Charging documents say the conspirators also released personal data from some 80 members of various Miami-area law enforcement agencies.
In February, Britain’s South East Regional Organized Crime Unit confirmed a CNN report that they had arrested a 16 year-old on computer charges, and U.S. officials told news organizations the arrest was connected to the “Crackas with Attitude” social-engineering hacks.
On Thursday, the Justice Department stated that “At least three other members of the conspiracy are located in the United Kingdom and are being investigated by the Crown Prosecution Service.” Officials declined to elaborate, but the charging affidavit states they are two 17 year-old males, known as “CRACKA” and “DERP” and a 15 year-old known as “CUBED.”
The affidavit reproduces a series of Twitter direct message exchanges between Liverman and Boggs and CRACKA dating back to July last year, in which they discuss the takeover of several email and Internet accounts belonging to senior U.S. government officials and their spouses — all of whose names are redacted.