We can only imagine how (ridiculous) experts at NASA, FBI, CIA and other reputable organizations had felt after finding out they had been breached by… teenagers. This may sound like a movie script but it is not. In reality, many respectable institutions have become victims of little geeks fooling around, breaking passwords and entering enterprise computers. Just for fun? Or are they the next generation of genius genes?
PS: Don’t read the article to your kids, unless you want to encourage them to embrace the dark side and become black hats! Jokes aside, Def Con, the infamous annual hacking conference, recently introduced a new track for kids from age 8 to 16. The youngsters are now welcome to expand whatever knowledge they have on technology and PC security, and join the battle against vicious hacking teams.
Now, let’s ‘meet’ a bunch of the bravest kids out there and have a look at the worst… or the best?… hack operations signed by juveniles.
The AOL Account of CIA Director John Brennan
Earlier this year, it was reported that the personal email account of John Brennan of the CIA had been breached. The hackers went on releasing identifiable information on more than 20 people working at the CIA. Federal investigators examined the claim that high school students have indeed hacked the account and published a spreadsheet from Brennan’s account. Released data contained clearance levels, email addresses, phone numbers and social security numbers of CIA personnel. While the FBI was investigating, the hackers contacted Wired and told their own version of the story.
The attack explained
According to the former National Security Agency technical director Jasper Graham, the jaw-dropping breach of Brennan’s email address was a result of a social engineering attack.
When the hacker called their editorial office, Wired published a story on the story, explaining how the attack took place. Wired editors were the first to hear that the hacker was below 20-years of age and that he didn’t work alone. Two other people helped him carry out the operation. First, the hacking teen team did a reverse lookup of Mr. Brennan’s phone and discovered that he was a Verizon customer.
They used the four digits of the CIA’s Director bank card and got to reset the password on his AOL account.
After they broke in his account, the hackers got access to sensitive government information which was stored as attachments. One of the compromised documents was a 47-page SF-86 application, filled out by Brennan to obtain a top-secret security clearance.
As a total, the hackers spent three days inside Brennan’s personal account, before it was disabled.
The Hack Attacks on PlayStation and Xbox Networks
If you’re a keen gamer and a PlayStation/Xbox lover, you must have heard of the Lizard Squad and their sinister DDoS attacks that angered many fans during the winter holidays of 2014.
One of the members, the 17-year old Julius Kivimaki from Finland, was recently accused of playing a leading role in the notorious DDoS happening. He was actually convicted of more than 50,000 charges on computer crimes. The kid also got a two-year suspended sentence.
Kivimaki is known as ‘zeekill’. Even though the DDoS attacks of the Lizard Squad were quite the harassment and had many victims, zeekill somehow avoided jail.
Kivimaki has been called many things, even a sociopath, and his name has been associated with many unpleasant incidents. As pointed out by KrebsOnSecurity, there is evidence that the teen compromised more than 50,000 computer servers by exploiting vulnerabilities in Adobe’s Cold Fusion web application software. Prosecutors also said Kivimaki used stolen credit cards and spend money on expensive stuff, and participated in a money laundering scheme to fund a trip to Mexico.
The Intrusion into NASA’s Systems
One may think that NASA is unbreakable. But one may be mistaken. Have you read the story of the 15-year old (at the time) who caused a 21-day shutdown of NASA machines back in 1999? The compromised systems supported the international space station. The hacker also invaded a Pentagon weapons computer system and intercepted more than 3,000 email communications, stole passwords and, while inside, acted as an employee. The teen was known as ‘c0mrade’.
C0mrade was convicted and sentenced to 6 months in jail. He was the first juvenile to be sentenced for computer crimes in the US.
Between August 23, 1999, and October 27, 1999, c0mrade did multiple intrusions on various public systems. According to Wikipedia, the reason he was caught was his attack on the computers of the Defense Threat Reduction Agency.
James later admitted to the authorities that he had installed a backdoor in a computer server in Dulles, Virginia, which he applied to install a sniffer. The sniffer permitted him to intercept more than three thousand messages, along with obtaining numerous usernames and passwords of other DTRA employees, at least 10 on official military computers included.
Later, it became known that the software the kid took possession of was the International Space Station’s source code used to control critical life-sustaining elements. As stated by NASA, the intrusion caused them to shut down their computers for three weeks. The prize of the fixing operation was estimated at $41,000.
Unfortunately, according to his family, James was suffering from depression. He was found dead in 2008.