Data lives matter, yet while we little people seem to remain vulnerable and victims of phishing and hacking, even those tasked with working to protect against cyber attacks, too are themselves victims.
This story is extraordinary given all the cyber intelligence officials have in their possession and the protections they should have at the taxpayer expense, while others fend for themselves with off the shelf protections.
Even more remarkable is the media was quite thin on reporting any of this in detail in 2017 until the case heard in a United Kingdom courtroom.
British 15-year-old gained access to intelligence operations in Afghanistan and Iran by pretending to be head of CIA, court hears
A 15-year-old gained access to plans for intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA to gain access to his computers, a court has heard.
From the bedroom of the Leicestershire home he shared with his mother, Kane Gamble used “social engineering” – where a person builds up a picture of information and uses it manipulate others into handing over more – to access the personal and work accounts of some of America’s most powerful spy chiefs .
The teenager persuaded call handlers at an internet giant that he was John Brennan, the then director of the CIA, to gain access to his computers and an FBI helpdesk that he was Mark Giuliano, then the agency’s Deputy Director, to re-gain access to an intelligence database.
He also targeted the US Secretary of Homeland Security and Barack Obama’s Director of National Intelligence from his semi-detached council house in Coalville.
Gamble taunted his victims online, released personal information, bombarded them with calls and messages, downloaded pornography onto their computers and took control of their iPads and TV screens, a court heard.
Mr Justice Haddon-Cave noted: “He got these people in his control and played with them in order to make their lives difficult.
John Lloyd-Jones QC, prosecuting, said that Gamble founded Crackas With Attitude (CWA) in 2015, telling a journalist: “It all started by me getting more and more annoyed about how corrupt and cold blooded the US Government are so I decided to do something about it.”
Mr Lloyd-Jones said that it was a common misconception that the group were hackers when in fact they used “social engineering” to gain access to emails, phones, computers and law enforcement portals.
“It involves manipulating people, invariably call centre or help desk staff, into permitting acts or divulging confidential information,” the prosecutor said.
Gamble, who has pleaded guilty to ten offences under the computer misuse act, first targeted Mr Brennan and gained access to his Verizon internet account by pretending first to be employee of the company and then Mr Brennan himself, building up an increasingly detailed picture.
At first he was denied access to his computers as he could not name Mr Brennan’s first pet, but on later calls the handler changed the pin and security questions.
He used similar methods to access Mr Brennan’s AOL account and eventually Gamble was able to access his emails, contacts, his iCloud storage account and his wife’s iPad remotely.
Mr Lloyd-Jones QC said: “He accessed some extremely sensitive accounts referring to, among other things, military operations and intelligence operations in Afghanistan and Iran.”
Gamble, who is now 18, later posted sensitive information on Twitter and Wikileaks and taunted officials about his access, sometimes using the tag #freePalestine and claiming it was because the US Government was “killing innocent people”.
Gamble used similar techniques to hack the home broadband of Jeh Johnson, the Secretary of Homeland Security, and was able to listen to his voicemails and send texts from his phone.
He bombarded Mr Johnson and his wife with calls, asking her: “Am I scaring you?” and left messages threatening to “bang his daughter”, the court heard.
Around October 2015, when Gamble turned 16, gained access to Mr Giuliano’s home accounts by pretending to be the FBI boss and using the information gained he accessed the FBI’s Law Enforcement Enterprise Portal (Leap).
Mr Lloyd-Jones QC described it as “a gateway providing law enforcement agencies, intelligence groups and criminal justice agencies access to beneficial resources”.
This included criminal intelligence and details of police officers and government employees, and Gamble boasted: “This has to be the biggest hack, I have access to all the details the Feds use for background checks.”
The FBI had realised that their system was breached and the password was changed, but at one point Gamble managed to change it and regain access by pretending to be Mr Giuliano in a call to the helpdesk.
He used his access to steal and post online personal details of Officer Darren Wilson who shot and killed black teenager Michael Brown in Ferguson Missouri.
At the same time he harassed the Giuliano family and people associated with them and bombarded them with calls, meaning that they were forced to seek protection from the intelligence agencies and an armed guard was placed at their home.
Mr Obama’s senior science and technology adviser John Holdren had his personal accounts hacked and Gamble passed all of his personal details to an accomplice who used them to make hoax calls to the local police claiming that there was a violent incident at Mr Holdren’s house resulting in an armed swat team being deployed.
His eight month reign of chaos was brought to an end in February 2016 after he gained access to the US Department of Justice’s network over a number of days, accessing details of 20,000 FBI employees and case files including that on the Deepwater Horizon Oil Spill.
The FBI and the US secret service had such concern over the material that he had seen that they immediately called police in the UK and he was arrested at his home.
The Old Bailey also heard that he accessed the private calls and emails of Avril Haines, the White House deputy national security adviser and FBI Special Agent Amy Hess.
In the case of Ms Hess he downloaded films on to her computer, including one called Hackers and V for Vendetta as well as a pornographic title. He changed an equipment list on her computer to a list of derogatory terms.
James Clapper, Director of National Intelligence under President Obama, was also targeted and all of his home phone calls were diverted to the Free Palestine Movement.
Vonna Weir Heaton, the former intelligence executive of the US National Geospatial Intelligence Agency. Had her social media accounts access by Gamble who sent messages pretending to be her.
At one point on an internet chat he said that he had considered not sharing any more information “because it put lives at risk, but then I thought they are killing innocent people every day”, the court heard.
Medical experts for the defence argue that he is on the autism spectrum and at the time of his offending had the mental development of a 12 or 13-year-old.
He has no friends to speak off and is closest to his mother Ann, a cleaner who reportedly won a £1.6million lottery jackpot in 1997 but “lost all the money on doomed property deals”.
William Harbage QC said that after his arrest he told doctors “it was kind of easy” and that he had little consequences of his actions “in his bedroom on the internet thousands of miles away”.
Mr Justice Haddon-Cave will sentence him on a date to be fixed.
It seems strange that a child with the mental capacity of a 12 or 13 year old can be put on trial for something as serious as this. As soon as that was established, the case should have been thrown out. Still he did rather well for one with that capacity.