WikiLeaks publishes documents stolen from CIA director’s email account

CIA Director John Brennan’s private AOL email account has been hacked, apparently by teenage hackers with good social engineering skills.

While it seems that the account contained no classified information, the hackers made off with some potentially sensitive documents.

They shared them with WikiLeaks, who released some of them on Wednesday and is planning to publish more over the coming days. This first batch includes Brennan’s application for top-secret security clearance (from 2008), severals letters, paper drafts, and a letter with recommendations to the US President.

So far, the dates on the leaked documents seem to point to the fact that Brennan either stopped using the account, or stopped sending sensitive information to and through it years ago.

WikiLeaks didn’t mention whether they will be publishing documents stolen from the private Comcast email account of the US Homeland Security Secretary Jeh Johnson, which the hackers also compromised.

“Happily, this is not a story about weak passwords, as the account was not accessed through a brute-force password attack. However, the information that was revealed, such as Mr. Brennan’s application for a CIA security clearance, indicates a broader problem that exists with many email accounts. These are not being used in the manner in which they were originally intended,” infosec analyst Bob Covello pointed out.

“Email is supposed to facilitate quick communication. For most folks, however, email has become the primary file system for too many important documents. This has opened up a new vulnerability; if the email account is compromised, so are many of the important documents that are stored in the email system. Using email for file storage leaves it susceptible as a ‘one-stop shopping’ portal for all of that personal information if that account is breached.”