CIA director AOL email hacker coughs to crime

Liverman, 24, to be sentenced in May after inking plea deal

Justin Liverman, arrested by the FBI for breaking into the AOL email account of CIA director John Brennan, has today signed a guilty plea deal in the face of what his lawyers described as "draconian penalties."

Brennan's webmail inbox was hijacked in 2015 and his emails were subsequently published by WikiLeaks. Liverman is among the five individuals collared for their involvement in the mischief, alongside Andrew Boggs in the US and three British teenagers, including one nabbed in February.

Under the handle "D3f4ult," Liverman was alleged to have joined "the conspiracy that referred to itself as 'Crackas With Attitude' or 'CWA'," as the prosecution put it, and targeted senior American government officials.

Liverman, 24, of Morehead City, North Carolina, faced several counts of felony conspiracy for his role in the trans-Atlantic hacking group: the crew was accused of accessing the personal accounts and systems of US government officials including Brennan largely through impersonation and social engineering.

According to prosecutors in the eastern district of Virginia:

Liverman conspired to attempt to intimidate and harass US officials and their families by gaining unauthorized access to victims’ online accounts, among other things. For example, Liverman publicly posted online documents and personal information unlawfully obtained from a victim’s personal account; sent threatening text messages to the same victim’s cellphone; and paid an unlawful “phonebombing” service to call the victim repeatedly with a threatening message.

In November 2015, the conspiracy used that victim's government credentials to gain unlawful access to a confidential federal law enforcement database, where Liverman obtained information relating to dozens of law enforcement officers and uploaded this information to a public website.

Liverman's legal team included lawyers experienced in defending against America's notoriously punitive Computer Fraud and Abuse Act (CFAA) – Tor Ekeland, Jay Leiderman and Marina Medvin. With their assistance, Liverman opted for an agreement in which he entered a guilty plea to a single felony count of conspiracy in return for a reduced sentence.

The agreement stipulates that Crackas With Attitude caused $1.5m in damage, with $95,000 of that caused by Liverman, who still faces a maximum sentence of five years' imprisonment and restitution payments. His sentencing hearing will be held on May 12.

Ekeland described Liverman's arrest as "yet another instance where the CFAA's potentially draconian penalties outweigh the actual harm alleged." The legal eagle continued:

That the head of the CIA – an agency that undoubtedly hacks the personal emails of adversaries around the world to blackmail them – failed to use two-step authentication is scandalous.

The same can be said of the FBI's Criminal Justice Information Service, a national law enforcement database that was allegedly accessed through the same simple social engineering technique. Nothing was really hacked in this case, because important government officials and agencies left the door wide open.

One hopes that hostile nation state actors didn't walk through that open door before Justin did.

Sarah Harrison, the acting director of the Courage Foundation, which had raised emergency funds for Liverman, said: "Without CWA, the public would not know that the Director of the CIA did not take adequate precautions around his own security clearance questionnaire. There's barely any point talking about 'cyber attacks' from sophisticated nation state actors when the highest-level officials are leaving the front door wide open." Harrison continued:

If John Brennan will not face any penalty for his negligence, there's no good reason why anyone else should do. Justin Liverman's potential sentence is outrageous given the relative triviality of the Department of Justice's allegations. Courage's emergency appeal for Justin will remain open until he no longer needs our assistance.

Leiderman, known as the Hacktivist's Advocate for his previous defense of Anonymous suspects, said: "Justin has today admitted to taking part in the relatively newly minted beneficent tradition of providing information the public must know to WikiLeaks."

The lawyer said the CWA has "shown the world that the heads of the CIA, the National Cyber Command and US Homeland Security are themselves so cyber-insecure that it appears they were cut straight outta incompetence."

"It's time for the US to stop snooping on citizens and to get its own house in order," Leiderman concluded.

Meanwhile, Boggs, also from North Carolina, is set to plead guilty for his role in the conspiracy on January 10, according to the US Department of Justice. ®
