Two self-described hackers say they’ve breached an AOL account belonging to CIA Director John Brennan, the New York Post reports. If their claim is true, this means a pair of teenagers has access to the personal files of one of the most powerful men in the world.

The duo, who enjoy recreational pot-smoking and call themselves CWA (“Crackas With Attitude”), told the Post that they were able to access Brennan’s AOL (!) account by resetting his password with personal information they tricked Verizon into providing them. (The similarities to Guccifer are more than just passing.)

Once inside, they say they were able to pull a variety of materials, including what they say is Brennan’s contact list:

—along with other documents they claim are Agency-related:

It appears they were also able to access Brennan’s AT&T wireless account:

Earlier this month, this same Twitter user provided screenshots he says are from inside various personal accounts of Secretary of Homeland Security Jeh Johnson:

Without access to the original documents (if they exist) it’s hard to verify their authenticity. Some of the addresses from Brennan’s purported email address book look incorrect, if not outright fabricated. Other entries could be real; contacts for CIA officers like David Shedd and John Moseman are part of the leaked list, all with “@ugov.gov” addresses, indicating an email system that was shuttered six years ago.

The CWA boys say they’re motivated by their support for Palestine, with numerous tweets in support of the Palestinian people sprinkled along with the CIA-related screenshots. And they do say they’re boys: talking to one of the alleged hackers over IM, he told me “since only 13 i am pretty hype about it.” When I asked how he felt about being labeled a “teen stoner” by the New York Post, he seemed fine: “Me and phphax know each other irl, most of our school and grade are smokers and stoners, so i mean it just kind of describes us in away...I dont find it insulting in anyway. [sic]”

The two have no firm plans to release more evidence of the compromised accounts, and wouldn’t tell me exactly what they’ve even gotten their hands on (they told the Post they have Brennan’s entire “47-page application for top-secret security clearance”). When asked if they would ever do a full release of their materials, I was told only, “We will do the dump when we have enough followers.”

Whether or not CWA are actually pot-smoking pro-Palestinian 13-year-olds, and whether or not they actually hacked Brennan, it’s probably still a good idea, if you work in or with the government, to stop using an AOL email address.

Update: The duo has published on Twitter a screenshot that appears to Brennan’s personal address: brennanva@aol.com (and Social Security number). According to internet WHOIS records, the email was once used to register the website for a daycare center in Reston, VA. The screenshot also includes email and Social Security information for about a dozen other members of the intelligence community.

Contact the author at biddle@gawker.com.
Public PGP key
PGP fingerprint: E93A 40D1 FA38 4B2B 1477 C855 3DEA F030 F340 E2C7