US feds arrest two for spy bosses account hacks

US federal police have arrested two men for allegedly social engineering their way into the personal online accounts of Central Intelligence Agency director John Brennan and the director of national intelligence James Clapper. 

According to the US FBI [pdf], the Crackas with Attitude hacking group attempted to gain access to the personal accounts of US government officials and their family members, as well as government computer systems.  

Police allege Andrew "Incursio" Boggs and Justin "d3f4ult" Liverman were members of the hacking group that they claim broke into CIA boss Brennan's AOL account as well as Clapper's Verizon ISP account. 

According to reports, 17-year olds "Cracka" and "Derp" and the 15-year-old "Cubed", who live in Britain, are also being investigated by the UK Crown Prosecution Service in relation to the incidents, along with three older men. 

The hackers allegedly locked out their victims from services by changing passwords on the accounts they had obtained access to. 

Once the CWA members had control of accounts, they would access information stored within and post it on social media and internet forums to harass people, police allege. 

The "d0xing" or information leaks included US social security numbers, contact details, phone and other bills, email messages, wi-fi passwords and passport details, according to police.

Forms related to the victims' employment at government agencies and which contained sensitive data, were also allegedly posted. Julian Assange's Wikileaks website published the CIA director's files last year. 

Police allege the hackers made crank calls to further harass victims, and also made a false bomb threat to a Palm Beach County, Florida, sheriff's office, as a "swatting" attack. 

Stolen credentials were also used to gain access to the government Law Enforcement Enteprise Portal (LEEP), the FBI says.

This provided access to resources such as the Joint Automated Booking System (JABS) for management of prisoners and arrested individuals, the FBI's Internet Crime Complaint Centre (IC3) and more. 

In January this year, police claim the hackers posted data on more than 80 law enforcement officers working in the Miami, Florida area on the Pastebin and Cryptobin websites. 

The data was obtained from LEEP, and included names, titles, work phone numbers and email addresses of police officers. 

The hackers mainly used Twitter to communicate with each other, the court complaint shows. Police obtained the IP addresses associated with the hacking group members' accounts, as well as the content of direct messages they sent from Twitter.

Police also searched Boggs and Liverman's computes and said they found screen grab videos and images of the pair hacking, as well as paid-for "phonebombs" that resulted in calls being placed to Brennan and Clapper's government-issued mobile phones every hour for a month.