
Kane Gamble, a 15-year-old from the UK, hacked CIA ex-chief John Brennan in the year 2015. He was part of a hacking group that targeted important government employees such as ex-FBI director Mark Giuliano, Avril Haines, Amy Hess, and James Clapper. He used simple hacking methods such as calling help desks and convincing the staff that he was a genuine caller in order to gain access to accounts or reset passwords. By accessing the email account, he was able to leak the documents he obtained. Kane was able to access Brennan's iCloud account and took control of his wife's iPad by resetting the password.

Kane Gamble employed a social engineering method known as "phone hijacking", in which he contacted his victims' phone and broadband service providers and, by persuading staff that he was the genuine account holder, obtained the victims' passwords. The providers' staff should have been trained and educated on the possible scams and the methods criminals use to gather sensitive information about customers. The poor security measures that service providers use when transferring information are a cause of these attacks. For instance, at AT&T, to transfer information, all they need is information that is found on the victim's phone bill. If the fake caller pretends that they can't remember their password, then they are required to provide the information on the bill to get through. The service providers should have implemented better security measures and procedures for giving out passwords to callers who claim to have forgotten their credentials.

This type of attack can be prevented by implementing and following these measures:

1. Introducing a passcode for the account helps prevent hackers from getting access to it.

2. Using multiple email addresses to access different accounts helps in the prevention of phone hijacking. For example, use one email address for the mobile carrier account, a different one for sensitive accounts such as Facebook or online banking, and yet another as the primary address. Using different accounts prevents hackers from hacking into other accounts that contain sensitive data. Most of the victims of these attacks use only one email address with the same password for all the accounts that they hold. So if the hackers get hold of that single email address, then all is lost.

3. Disabling online access to one's wireless account is another way to stop hackers from gaining access.

4. Informing the mobile service provider that changes to one's account may be made only in person with valid identity proof and not over the phone.

5. Using Google Voice helps users avoid falling for the phone hijacking scam, as Google Voice locks the phone number to a specific person.

6. To protect online accounts, the victims should have created unique, high-entropy passwords that are different for each online account they hold.

7. Using different security questions with slightly different answers across various sites makes it difficult for intruders to gain access to any other website (Weisbaum, 2018).

8. Another important preventive measure that could have been employed was separating the main phone number from sensitive accounts.

9. Using a one-time passcode at every login instead of saved passwords could have helped keep the victims from falling for the hackers' methods.

10. Using devices that support biometric authentication to access data and sensitive information makes it difficult for hackers to carry out attacks.
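
The help-desk weakness described above, next to a stricter check built from measures 1 and 4, as an added example that is not part of the original essay. The detail categories, action names and both policy functions are assumptions made for illustration, not any carrier's real procedure.

```python
from dataclasses import dataclass, field

# Constructed categories (assumptions of this example, not a carrier's real policy).
BILL_DERIVABLE = {"name", "billing_address", "account_number", "last_payment"}
SENSITIVE = {"password_reset", "sim_swap", "number_port", "email_change"}

@dataclass
class Account:
    passcode_set: bool = False      # measure 1: extra account passcode
    in_person_only: bool = False    # measure 4: changes only in person with ID

@dataclass
class Request:
    action: str
    channel: str                    # "phone", "online" or "in_person"
    verified: set = field(default_factory=set)  # details the agent confirmed as correct
    photo_id_checked: bool = False

def weak_policy(account, req):
    """Process the essay criticises: any matching bill detail is enough."""
    return bool(req.verified & BILL_DERIVABLE)

def hardened_policy(account, req):
    """Return (allowed, reason); bill details alone never unlock a sensitive action."""
    if req.action not in SENSITIVE:
        return True, "non-sensitive action"
    if req.channel == "in_person":
        ok = req.photo_id_checked
        return ok, "photo ID checked in person" if ok else "ID not checked"
    if account.in_person_only:
        return False, "account is locked to in-person changes"
    if account.passcode_set and "account_passcode" in req.verified:
        return True, "account passcode verified"
    if req.verified & BILL_DERIVABLE:
        return False, "only bill-derivable details offered"
    return False, "no acceptable verification"

if __name__ == "__main__":
    # Constructed call: the caller "forgot" the password and offers bill details.
    call = Request("password_reset", "phone", {"name", "account_number"})
    acct = Account(passcode_set=True)
    print("weak:", weak_policy(acct, call))
    print("hardened:", hardened_policy(acct, call))
```
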

References

Weisbaum, H. (2018). How hackers are hijacking your cell phone account. Retrieved from https://www.nbcnews.com/business/consumer/how-hackers-are-hijacking-your-cell-phone-account-n859986
