Of all the adversaries that cybersecurity bods have to face, it’s not always the most obvious ones that cause the most damage. Nation state hacking groups – you can kind of see that coming. But then along came the teenagers. A handful at the best of times, but when they’re coming for you, your email and iCloud accounts, you’d better watch out.
There’s been a spate of young males from the UK and US getting in on the hacking. One hacker in particular was Kane Gamble, the then 15 year old British teenager who made global headlines when he broke into the email accounts of CIA and DNI chiefs. He accessed personal data, sensitive databases and plans for ‘intelligence’ operations in Afghanistan and Iran. And released them all over the internet.
Gamble was leader of the ‘Crackas With Attitude’ (CWA) group that launched a range of attacks on senior US government members in 2015. He is said to have coerced call centre and helpline staff into revealing their broadband and cable passwords. He also targeted a CIA director’s email, iCloud accounts and home phone number with strategic social engineering. In October 2017 Gamble pleaded guilty to ten offences under the Computer Misuse Act.
Social engineering is probably the biggest threat to security to date. Humans are always the weakest link. Gamble simply phoned up companies using a public number to gain access or reset accounts. He phoned Verizon and pretended to be an employee to trick the company into sharing private information about his targets (good one, Verizon). The security measures that were in place to stop things like this happening (personal security questions etc), didn’t happen.
It’s quite a terrifying insight into the security procedures in place at big companies, with the ease of access in these cases. This will most definitely happen again.