One hacking mystery has been solved — although it’s not the one that mattered most. The OPM hack exposed raw investigative files for cleared personnel and all of their personal data. The hacks into the personal e-mails of intelligence chief James Clapper and DHS Secretary Jeh Johnson were more embarrassing than substantively damaging, or so the Obama administration claimed. Now British authorities have arrested a 16-year-old suspect in the hackings and may face extradition to the US, ABC News reported this morning:
British authorities, with help from the FBI, have arrested a teenager they believe is behind a series of cyberattacks targeting some of the highest officials in U.S. government, two sources with knowledge of the matter told ABC News.
Authorities are trying to determine whether others may have been involved, the sources said. The 16-year-old has not been named.
For the past several months, a group calling itself “Crackas With Attitude” has been disclosing private information associated with such high-ranking officials as CIA Director John Brennan, Director of National Intelligence James Clapper, Homeland Security Secretary Jeh Johnson.
Information about rank-and-file employees working for the FBI, Justice Department and the Department of Homeland Security were posted online this week, though sources described the pilfered information as amounting to an internal phone directory.
According to CNN, this suspect may also have conducted the hack and exposure of the names of 20,000 FBI employees earlier this week. That expedited the arrest, CNN reports, because investigators believe that the suspect got access to more damaging data:
This week, the latest target became apparent when personal details of 20,000 FBI employees surfaced online.
By then a team of some of the FBI’s sharpest cyber experts had homed in on their suspect, officials said. They were shocked to find that a “16-year-old computer nerd” had done so well to cover his tracks, a U.S. official said.
Investigators also found the intruder had gotten access to a shared computer drive with sensitive documents, such as some related to investigations and legal agreements in the works.
That prompted law enforcement officials to seek an arrest more quickly.
Motherboard, which broke the news of the latest hack on the Departments of Justice and Homeland Security, claims to have been in touch with the arrested teen:
On Wednesday night, Motherboard spoke to the teenager accused of being Cracka. “I got [expletive] v&,” he told Motherboard, using “v&,” the slang for “vanned,” or getting arrested. (At this point, the arrest had not been made public.) “They’re trying to ruin my life.”
The teenager said authorities arrested him on Tuesday, and are accusing him of the attacks on Brennan, White House officials, and the recent hack on the Department of Justice, which resulted in the publication of the names and contact information almost 30,000 FBI and DHS employees.
The alleged hacker, who declined to reveal his real name, said he refused to answer any questions from the police, and was subsequently released on bail after spending 7 hours in a cell. He also denied being Cracka, saying “I’m not who you think I am ;) ;) ;)”
“I’m innocent until proven guilty so I have nothing to be worried about,” he said, adding that the authorities seized this electronic devices, but he could still use the internet from a relative’s device.
That sounds more like bravado than reality. CNN notes that a Twitter account believed to be controlled by the hacker put out this request on Wednesday: “Anyone got a good lawyer?!?!?”
Extradition in this case could be tricky. Normally there would be little issue between the UK and US on extraditing suspects for any crime, but extraditing a minor may be a lot more difficult. The UK could charge and try the suspect instead, given that the crime took place in their country. That might make it easier in the long run, as long as the US could be satisfied that the hacker would not gain access to the Internet for a very long time.