CIA Director’s AOL Account Hacked by Teen

john-brennanMy first question is why is some nitwit without the most basic concept of cybersecurity or operational security in charge of the CIA.  Sorry to those of you I offend, but if your email ends with it tells me you are very old and not computer savvy.  And people who still use the AOL application in 2015 are basically still riding a bike with training wheels after 20 years on the Internet.

In a New York Post story, it was reported that John Brennan the Director of the CIA was using his personal AOL account to send and receive messages with top secret document attachments.

The 13 year-old hacker posted some of the stolen documents on his Twitter page.  He claimed the stolen documents were stored as attachments to about 40 emails that he read after breaking into Brennan’s account.  The attack employed a tactic called “social engineering” that involved tricking workers at Verizon into providing Brennan’s personal information and duping AOL into resetting his password.

Brennan’s account was disabled as of Friday.

The really scary bit for me is just how many people in positions of power in this country, Senators, Congressmen, and other high ranking government types, people who are writing cybersecurity policy for our protection, are unable to do simple computing tasks like get online or manage their own email.  In 2015, the sad brag “I got people who do that for me” is so lame it is beyond pathetic.  This includes many corporate CEO.  You know who you are.  Shame on you.

Tune in Wednesday to learn how to keep this from happening to you.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.