The FBI is warning politicians and law-enforcement officials that they could be at increased risk of having their email accounts hacked.
The agency’s Internet Crime Complaint Center issued an alert on Wednesday advising officers and public officials to be "highly aware of their email account security and their online presence and exposure."
The advisory comes as investigators try to track down the hacker or hackers who last month breached an AOL email account used by CIA Director John Brennan and posted screenshots of some of his personal information online.
A teen who said he was part of a hacking collective called Crackas With Attitude claimed responsibility for the cyber intrusion. He told Wired magazine he posed as a Verizon worker to trick another employee into revealing Brennan’s personal information. He said he then used the info to reset the password on the spy chief’s AOL account, commandeering it for a while before it was disabled.
In its advisory, the FBI seemed to allude to the Brennan hack without mentioning it by name:
"In a recent threat, a threat actor typically contacts the Internet Service Provider (ISP) of the target, poses as an employee of the company, and requests details regarding the target's account. Utilizing these details, the caller then contacts the target's email provider, successfully provides answers to security questions established for the email account, and is granted a password reset for the account. Ultimately, the actor gains access to the victim’s email account and begins to harvest personal or other information."
The FBI said "hacktivists" might also target law-enforcement personnel and public officials through "doxing" — using sources on the Internet to find and compile information about a person and then posting it online.
"The personal information gathered from social media and other Web sites could include home addresses, phone numbers, email addresses, passwords, and any other information used to target an individual during a cyber attack," the advisory said. "The information is then posted on information-sharing Web sites with details suggesting why the individual should be targeted."
The FBI offered several recommendations for officials to protect themselves from hackers, including enabling two-factor authentication on personal email accounts, turning on all privacy settings on social media sites and keeping one's social media footprint "to a minimum."