An investigation is underway after someone managed to infiltrate webmail and home broadband accounts belonging to the family of US spymaster James Clapper.
It's believed a hacker got hold of the surveillance chief's personal phone number, delved into his wife's Yahoo! mail inbox, and gained control of the couple's Verizon FiOS account.
"We are aware of the incident and have reported it to the appropriate authorities," a spokesman for Clapper, who is the US Director of National Intelligence, told The Register today.
Verizon also told us it was investigating.
The hacker appears to be the same person who broke into CIA director John Brennan's AOL account (yes, someone still uses AOL) in October. Sensitive documents were revealed by the miscreant, which led to another investigation.
In both cases, the hacks don't appear to be the work of masterful computer code exploiting obscure software vulnerabilities. Instead, it seems the most likely method was social engineering of the CIA and DNI bosses' telecommunications provider – Verizon.
It's not that hard to do if staff are sloppy about security. Someone can simply call up a telco employee at work, pretend to be a colleague, and get enough information to call the help desk and request an account password reset to gain access.
A lot of successful hacks start off with social engineering. Kevin Mitnick, one of the early masters of this technique, claimed that most of the accounts he was able to hijack came down to a plausible telephone manner and being polite to reception staff in companies he was attempting to breach.
As for the Clapper family, callers to their home were apparently redirected to representatives of the Free Palestine Movement. The miscreant claiming responsibility said they committed the hack to draw attention to the situation in Palestine, which was also cited as a motive in the mischief with Brennan's email account.