A few months after breaching the CIA director's email account, hackers turned their attention to the personal online accounts of James Clapper, the director of US National Intelligence.
Hackers associated with the breach of CIA Director John Brennan's account last year claim to have broken into a handful of accounts associated with Clapper, including his personal email, Internet and phone, according to a report Tuesday on Motherboard. The hackers allegedly changed settings that forwarded every call placed to Clapper's home phone to the Free Palestine Movement.
Brian Hale, a spokesman for the Office of Director of National Intelligence, said late Tuesday in a statement that Clapper's office was "aware of the matter and [had] notified the proper authorities." No other details were provided.
The alleged hack underscores the increased attention hackers are putting on high-ranking members of the US government's intelligence community. Before the hack of Brennan's personal AOL account was revealed in October, the Department of Defense blamed Russian hackers for compromising its systems after security professionals clicked on email links containing malicious code.
In both cases, people trained to know better fell victim to human weakness rather than sophisticated coding skills.
Those behind Brennan's hack told Wired they duped customer service agents at Verizon AOL into handing over his email address and other personal information like the last four digits of his bank card. They also claimed to have used that personal information to talk AOL into resetting Brennan's password, which allowed them access to the account.
Brennan called the hack an "outrage" that highlighted the challenges faced by intelligence and national security communities in a more connected world.
"What it does is to underscore just how vulnerable people are to those who want to cause harm," he said in October, according to a CNN account of a speech at an intelligence conference. "We really have to evolve to deal with these new threats and challenges."
Security experts refer to this kind of attack as social engineering, in which intruders merely sweet-talk themselves past customer service workers and into your accounts by pretending to be you. But there are barriers the security-conscious can throw in the path of hackers.
One of the most effective tools for protecting banking and other online services is two-factor authentication, which makes it harder to remotely reset a password because it requires entering a code sent to the user's mobile phone. A list of companies that offer two-factor authentication for online accounts can be found at twofactorauth.org.