0 Shares 0



0

0







How much the United States government spends to protect its communications infrastructure is, of course, classified, but it certainly amounts to tens of billions of dollars, but one of the anomalies of the way the vast federal communications system works is that there is no unified security standard that applies across the board to all agencies and departments. This means that some systems are well protected while others are not and it also means that once one gains entry into a single network it is possible to penetrate others by exploiting the credibility provided by that first breakthrough, which enables one to work from inside the security bubble.

Sometimes the steps that a computer system uses to confirm the credibility of a potential user are the most vulnerable point as a successful identity theft establishes one’s bona fides and permits access to a wide range of information. Once you are in the door, the system will not normally challenge you, meaning that it is less secure than your own checking account, which will occasionally ask you security questions to confirm your identity.

Entering someone else’s personal account through manipulation rather than technical hacking is referred to as “social engineering.” And pretending to be someone else is not really that difficult. High level government officials have public profiles that places them regularly in the limelight, sometimes talking about themselves, their families and their personal experiences, particularly when they are running for office and want to look like regular people. It is not that difficult to comb through published accounts and public records to learn about their personal histories and even to learn where they live. In most jurisdictions, property records are on line and a little searching will reveal residences. In some states, it is not too hard to learn about vehicles and other “real property” owned. That sort of information put together with the sorts of information reported on Wikipedia and elsewhere frequently provides clues to likely passwords and security questions.

A recent story out of England demonstrates just how vulnerable the system is while also making clear that no foreign government necessarily needs to hire a team of sophisticated trained hackers to break into a secured or restricted access communications network. As the investigation we have come to call Russiagate rests largely on the supposition that the alleged hack of the Democratic National Committee server “must have been done by Russia” it is important to consider that a high level of institutional sophistication is not necessarily a sine qua non for intrusion into a computer system that is linked to the internet.

In the British case, it was a reportedly shy autistic fifteen-year-old boy with a claimed mental development of a twelve or thirteen year-old who did the damage, working out of his bedroom in a public housing project where he lived with his mother. Kane Gamble of Leicestershire, basically broke into numerous personal and government accounts of high level U.S. government officials, not by computer hacking, but by actually pretending to be those individuals and fooling account managers or otherwise circumventing the safeguards that were in place.

Gamble penetrated an astonishing number of private and government accounts during his 2015-2016 eight-month long romp through the upper echelons of the United States government. He even created a false persona and social media account under the name Crackas With Attitude (CWA), where he communicated with supporters, including a number of Americans. On a linked anonymous Twitter account, he claimed credit for some of his intrusions even as he was carrying them out. Gamble’s victims included then CIA Director John Brennan, Director of National Intelligence James Clapper, Secretary for Homeland Security Jeh Johnson and FBI Deputy Director Mark Giuliano.

Kane Gamble obtained access to a number of sensitive documents on his journey, including 20,000 FBI case files and investigations, an application for a security clearance by way of Brennan, plans for intelligence and security operations in Afghanistan and Iraq, and the FBI’s Law Enforcement Exchange Portal, but his real objective was to embarrass his targets and the government they worked for. Some of the classified information was shared withWikiLeaks, which published the material.

Most often, Gamble obtained confidential information by pretending to be the individuals he was actually victimizing, going to help or customer service desks at companies like Comcast, AOL and Verizon and complaining that he had misplaced his passwords. He used the information obtained to establish his bona fides on other accounts and was able to harass his targets over the phone. He even gained control over Jeh Johnson’s smart television to leave a message “I own you” and made phone calls in which he threatened to “bang” Johnson’s daughter. On a somewhat whimsical note, James Clapper’s phone calls were diverted to the office of the Free Palestine Movement.

Perhaps the more interesting part of the story is the answer to “why did he do it?” Gamble told a journalist on Twitter that “It all started by me getting more and more annoyed at how corrupt and cold-blooded the U.S. government are (sic). So I decided to do something about it.” He told supporters that the United States was killing innocent people all around the world. The British court heard how Gamble “felt particularly strongly” about U.S. government supported Israeli violence against Palestinians, by the killing of black people by American policemen, by racist violence by the white supremacists and by the bombing of Iraq and Syria. One of his Twitter tags was #freepalestine.

Kane Gamble was eventually arrested by the British police after a complaint was lodged by the FBI and U.S. Secret Service. The prosecution claimed that he had “put lives at risk,” which Gamble had actually conceded in an online chat. He pleaded guilty to eight charges of unauthorized access to computers but has not yet been sentenced. Two American associates from North Carolina, Andrew Boggs and Justin Liverman, were arrested in 2016 and convicted of criminal hacking conspiracy, receiving respectively two and five-year prison sentences.

*(John O. Brennan, Former Director, Central Intelligence Agency. Image credit: Fortune Brainstorm TECH/ flickr)