The Kids Who Hacked The CIA: How Teenagers Outsmarted America's Intelligence Elite
Introduction: When Bedroom Hackers Embarrassed the World's Most Powerful Intelligence Agencies
In 2015, the most powerful intelligence agencies in the world were brought to their knees by an unlikely adversary: a group of teenagers operating from their bedrooms. The story of Crackas With Attitude (CWA) is one of the most audacious cybercrime cases in modern history, where a 15-year-old British teenager named Kane Gamble and his American accomplices managed to hack into the personal accounts of CIA Director John Brennan, FBI Deputy Director Mark Giuliano, and other high-ranking U.S. government officials.
What makes this story even more remarkable is that these weren't sophisticated nation-state hackers with advanced tools and unlimited resources. They were kids who used nothing more than social engineering techniques—essentially fancy phone calls—to infiltrate some of the most secure targets in the world. Their methods were so simple that they highlight fundamental vulnerabilities in our digital infrastructure that persist to this day.
This is the complete story of how three teenagers from different continents came together online to pull off one of the most embarrassing security breaches in U.S. intelligence history, and what their actions reveal about cybersecurity in the digital age.
Meet the Crackas: The Unlikely Cyber Gang
Kane Gamble: "Cracka" - The 15-Year-Old Ringleader
Kane Gamble, born October 2, 1999, was just 15 years old when he became the leader of one of the most notorious hacking groups of the 2010s. Living with his parents on a housing estate in Coalville, Leicestershire, England, Gamble operated under the online alias "Cracka" from his bedroom.
Background:
- British teenager from Leicester
- Diagnosed with autism spectrum disorder, with the mental development of a 12-13 year old at the time of the attacks
- Self-taught hacker with strong technical skills but poor emotional maturity
- Motivated by "raising awareness for the situation in Palestine and the war in Iraq"

Justin Liverman: "D3F4ULT" - The American Connection
Justin Gray Liverman, 24 years old at the time, from Morehead City, North Carolina, used the online handle "D3F4ULT." He would ultimately receive the harshest sentence for his involvement in the group.
Profile:
- 25-year-old American from North Carolina
- More technically sophisticated than Gamble
- Described as a "disillusioned American" inspired by Edward Snowden's revelations
- Would later face a 5-year federal prison sentence
Andrew Otto Boggs: "INCURSIO" - The Third Member
Andrew Otto Boggs, 22, from North Wilkesboro, North Carolina, operated under the handle "INCURSIO" and was the third core member of the CWA triumvirate.
Details:
- 23-year-old from North Carolina
- Worked alongside Liverman in the American operations
- Received a 2-year federal prison sentence
- Less prominent role compared to Gamble and Liverman
The Social Engineering Playbook: How Simple Phone Calls Brought Down the CIA
The Anatomy of a CWA Attack
What made CWA so effective wasn't advanced malware or sophisticated hacking tools—it was their mastery of social engineering. According to court documents, "the group didn't gain access into the restricted accounts by way of hacking. Instead, they used social engineering and impersonated their targets and various IT support personnel, purporting to help the victims."
The Basic CWA Method:
- Target Selection: Research high-profile government officials
- Information Gathering: Find publicly available personal details
- ISP Impersonation: Call telecom companies pretending to be the target
- Credential Harvesting: Obtain account passwords and security information
- Account Takeover: Access email accounts, cloud storage, and connected devices
- Escalation: Use obtained access to target additional accounts and contacts
The Verizon and AOL Attacks: Exploiting Customer Service
The core of CWA's success lay in their ability to convince call center workers at major telecommunications companies. "Gamble had convinced call center workers at Verizon and AOL to provide him with personal details of Brennan, Johnson, and then-FBI director Mark Giuliano, and then used those details to access their online profiles."
Specific Techniques Used:
Impersonation Calls: For example, "on October 11, 2015, one of the suspects allegedly accessed the account belonging to Brennan by posing as a technician from Verizon."
Password Reset Exploitation: After gaining initial access, "the suspect then tricked another Verizon employee into resetting the password for Brennan's Internet service."
Cross-Platform Pivoting: Once they had ISP access, they moved to email providers like AOL to gain full account control.
Social Engineering Psychology: The hackers exploited several psychological factors:
- Authority bias (pretending to be tech support)
- Urgency (claiming emergency situations)
- Familiarity (using personal details to appear legitimate)
- Helpfulness (customer service representatives wanting to assist)
The Victims: High-Profile Targets Across the U.S. Government
CIA Director John Brennan: The Primary Target
The attack that brought CWA to international attention was their breach of CIA Director John Brennan's personal AOL email account. The hackers called themselves "Cracka" and claimed to be "part of a group called Crackas With Attitude (CWA)."
What CWA Accessed:
- Brennan's security clearance application form
- Documents on Iran and CIA interrogation practices
- Advice on handling Pakistan and the war in Afghanistan
- Personal information about his associates
- Access to Brennan's iCloud account and control of his wife's iPad
The Hackers' Message: When Brennan contacted the hackers asking what they wanted, "they replied: 'We just want Palestine to be free and for you to stop killing innocent people.'"
Director of National Intelligence James Clapper
CWA also targeted Director of National Intelligence James Clapper, breaking into "a personal email and phone account of Clapper and his wife." The hackers demonstrated their access by routing his phone calls to pro-Palestinian organizations.
FBI Deputy Director Mark Giuliano
CWA targeted FBI Deputy Director Mark Giuliano and his wife, accessing their AOL email accounts. In a particularly audacious move, "the Cracka and his associates downloaded the movie Hackers, V for Vendetta and a porn film onto Hess's digital recorder," referring to FBI executive assistant Amy Hess.
White House Officials
John Holdren - Obama's senior advisor on science and technology had his "home phone and email accounts" compromised, with the hackers setting "all of his calls to forward to the Free Palestine Movement."
Avril Haines - Obama's deputy national security adviser was also among the targets.
Homeland Security Secretary Jeh Johnson
CWA didn't just access Johnson's accounts—they sent a clear message. The hackers "posted the message, 'I own you,' on the home TV of the US Homeland Security Secretary Jeh Johnson, and left Johnson's wife a creepy voicemail message in which he asked: 'Am I scaring you?'"
The Data Breach: Massive Intelligence Leak
Scope of the Breach
The CWA attacks resulted in one of the largest intelligence leaks of the 2010s. The group "leaked the personal details of 20,000 FBI agents, 9,000 Department of Homeland Security officers, and some number of DoJ staffers in 2015."
What Was Compromised:
- FBI Law Enforcement Enterprise Portal: CWA "managed to compromise JABS (Joint Automated Booking System), which is a secret portal responsible for managing federal arrests records of law enforcement agencies."
- Personal Information: Home addresses, phone numbers, and family details of thousands of federal agents
- Classified Documents: The court noted that Gamble accessed "extremely sensitive" documents referring to operations (military and intelligence) in Iraq and Afghanistan
- Security Clearance Data: Background investigation materials and personal security details
WikiLeaks Connection
The hackers shared some of their obtained intelligence with WikiLeaks, which "began publishing documents from 'Brennan's non-government email accounts.'" This elevated the breach from a prank to a serious national security incident.
The Digital Trolling Campaign: Psychology of Teenage Hackers
Social Media Bragging
CWA wasn't content with just obtaining access—they wanted the world to know about their success. They "were loud and trolly. For them, it wasn't really about the hacking, it was about the noise they made after claiming their latest victim."
Twitter Campaigns: The group extensively used Twitter to showcase their work, posting screenshots and taunting messages to their targets.
Direct Confrontation: The hackers went beyond digital attacks, leaving threatening voicemails and posting messages directly on their victims' personal devices.
The "Stoner Hacker" Persona
When asked about their sophistication level during a CNN interview, Gamble said: "I would kind of put us, like, in the middle, maybe? We're not, like, stupid. But we're not really smart." He also admitted: "I smoke pot," contributing to their image as "stoner high school students."
This casual attitude masked the serious nature of their crimes and contributed to initial underestimation by law enforcement.
The Investigation: How the FBI Caught the Crackas
Digital Forensics and International Cooperation
The investigation into CWA required unprecedented cooperation between U.S. and British law enforcement agencies. The FBI opened criminal probes into the attacks, working with British authorities to track down the perpetrators.
Key Evidence:
- Digital footprints from social media accounts
- Phone records from the social engineering calls
- IP address tracking and network analysis
- Financial records and communication patterns
The Arrests Begin
Kane Gamble: Gamble was arrested at his home "on February 9 last year at the request of the FBI" in a coordinated operation with British police.
American Accomplices: In September 2016, "the FBI arrested two CWA hackers Otto Boggs and Justin Gray Liverman."
The Legal Aftermath: Justice Served
Kane Gamble's Sentencing
In April 2018, Kane Gamble was sentenced to two years in a youth detention facility. Judge Charles Haddon-Cave called it "an extremely nasty campaign of politically motivated cyber terrorism."
Charges: Gamble pleaded guilty to 10 charges: eight of "performing a function with intent to secure unauthorized access" and two charges of "unauthorized modification of computer material."
Mitigating Factors: The defense argued that Gamble "was technically gifted but emotionally immature and has an autistic spectrum disorder" and "at no point did Gamble attempt to profit from his actions."
American Sentences
Justin Liverman (D3F4ULT): Received five years in federal prison despite the fact that "he hadn't actually hacked any accounts himself" but had agreed to a plea deal.
Andrew Otto Boggs (INCURSIO): Was "sentenced to two years in prison on June 30, 2017, for his role."
Total Damage: Combined, "the hackers claimed at least 10 victims and caused about $1.5 million in damages, according to the Justice Department."
Technical Analysis: How The Attacks Actually Worked
Social Engineering Methodology
The CWA attacks represent a textbook case of advanced social engineering. Let's break down their techniques:
Pre-Attack Reconnaissance:
- OSINT Gathering: Research targets through public records, social media, and news articles
- Personal Detail Collection: Find birthdate, address, family information
- Service Provider Identification: Determine which ISPs and email providers targets used
- Organizational Chart Mapping: Understand relationships between targets
The Attack Phase:
Step 1: Initial Contact
- Call ISP customer service pretending to be the target
- Use gathered personal information to verify identity
- Claim account access problems or security concerns
Step 2: Information Extraction
- Request password resets citing "forgotten" credentials
- Ask for account recovery questions and answers
- Obtain backup email addresses and phone numbers
Step 3: Account Takeover
- Use obtained credentials to access primary email accounts
- Reset passwords for other connected services
- Enable two-factor authentication under hacker control
Step 4: Lateral Movement
- Access contact lists to identify new targets
- Read emails to gather intelligence for future attacks
- Compromise connected devices (iPads, smart TVs, etc.)
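Seen from the provider's side, Steps 2 and 3 leave a recognizable trail: an agent-assisted password reset followed quickly by changes that lock the owner out. The added example below (not from the court records or the original article) flags that sequence in a constructed event log; the log format, action names, 24-hour window and threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # assumed correlation window
ALERT_THRESHOLD = 2            # assumed: distinct follow-up kinds needed to alert
# Actions that match Steps 3 and 4 when they follow an agent-assisted reset.
FOLLOW_UPS = {"login_new_device", "recovery_contact_change",
              "mfa_enroll", "call_forwarding_change"}

# Constructed sample log, not real data. Format: timestamp account channel action
SAMPLE_LOG = """\
2024-03-01T09:00:00 acct-1001 web login_known_device
2024-03-01T13:05:00 acct-1001 phone_support password_reset
2024-03-01T13:12:00 acct-1001 web login_new_device
2024-03-01T13:20:00 acct-1001 web recovery_contact_change
2024-03-01T13:31:00 acct-1001 web call_forwarding_change
2024-03-02T10:00:00 acct-2002 web password_reset
2024-03-02T10:03:00 acct-2002 web login_new_device
2024-03-03T08:00:00 acct-3003 phone_support password_reset
2024-03-05T09:00:00 acct-3003 web mfa_enroll
2024-03-05T09:05:00 acct-3003 web recovery_contact_change
"""


def parse(line):
    """Split one log line into a typed event."""
    ts, account, channel, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "account": account,
            "channel": channel, "action": action}


def detect_takeovers(lines):
    """Return one alert per account where a phone-support password reset is
    followed, inside WINDOW, by at least ALERT_THRESHOLD distinct FOLLOW_UPS."""
    by_account = defaultdict(list)
    for line in lines:
        if line.strip():
            event = parse(line)
            by_account[event["account"]].append(event)

    alerts = []
    for account, events in by_account.items():
        events.sort(key=lambda e: e["ts"])
        for i, event in enumerate(events):
            # Self-service resets are out of scope: the weak point described
            # above is the human agent, so only agent-assisted resets anchor.
            if (event["action"], event["channel"]) != ("password_reset", "phone_support"):
                continue
            seen = []
            for later in events[i + 1:]:
                if later["ts"] - event["ts"] > WINDOW:
                    break
                if later["action"] in FOLLOW_UPS and later["action"] not in seen:
                    seen.append(later["action"])
            if len(seen) >= ALERT_THRESHOLD:
                alerts.append({"account": account,
                               "reset_at": event["ts"].isoformat(),
                               "follow_ups": seen})
                break  # one alert per account is enough to open a case
    return alerts


if __name__ == "__main__":
    for alert in detect_takeovers(SAMPLE_LOG.splitlines()):
        print(alert)
```

Only acct-1001 alerts: acct-2002 reset through the web channel, and acct-3003's changes fall outside the window.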
Technical Vulnerabilities Exploited
Weak Authentication Protocols:
- ISPs relying solely on personal information for identity verification
- Lack of robust caller verification systems
- Insufficient training for customer service representatives
Interconnected Account Ecosystems:
- Email accounts linked to multiple services
- Automatic password reset chains across platforms
- Cloud synchronization creating multiple attack vectors
Human Factors:
- Customer service representatives trained to be helpful
- Lack of security awareness in call center operations
- No verification protocols for sensitive account changes
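The "password reset chains" item can be audited before anyone abuses it. This added example (not part of the original article) walks a constructed account inventory to show how far a single reset at one provider would propagate; the account names and recovery relationships are hypothetical.

```python
from collections import deque

# Constructed inventory: each account lists the accounts that can reset it.
# An empty list means it cannot be reset through another account in the set.
RECOVERY = {
    "isp_account":    [],
    "home_email":     ["isp_account"],    # mailbox provided by the ISP
    "cloud_storage":  ["home_email"],     # reset link goes to the mailbox
    "tablet":         ["cloud_storage"],  # device managed from the cloud account
    "smart_tv":       ["isp_account"],    # set-top service tied to the ISP login
    "bank":           ["hardware_token"],
    "hardware_token": [],
}


def blast_radius(recovery, start):
    """Map every account reachable from `start` through reset relationships
    to the chain of resets that reaches it (breadth-first, shortest chain)."""
    # Invert "who can reset me" into "whom can I reset".
    dependents = {}
    for account, resetters in recovery.items():
        for resetter in resetters:
            dependents.setdefault(resetter, []).append(account)

    chains = {start: [start]}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for dependent in sorted(dependents.get(current, [])):
            if dependent not in chains:   # also guards against cycles
                chains[dependent] = chains[current] + [dependent]
                queue.append(dependent)
    del chains[start]
    return chains


def rank_single_points_of_failure(recovery):
    """Order accounts by how many others fall if that one is taken over."""
    sizes = [(account, len(blast_radius(recovery, account))) for account in recovery]
    return sorted(sizes, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    for account, size in rank_single_points_of_failure(RECOVERY):
        print(f"{account:15} exposes {size} other account(s)")
    for account, chain in blast_radius(RECOVERY, "isp_account").items():
        print(" -> ".join(chain))
```

The account at the top of the ranking is the one whose recovery process deserves the strongest verification, because every chain below it inherits its weakness.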
The Aftermath: Life After CWA
Kane Gamble's Redemption Story
After serving his sentence and being banned from internet access until April 20, 2020, Gamble has attempted to rebuild his life. "As soon as it hit midnight, I made a Twitter and got in touch with old close white hat friends."
Current Activities:
- Working toward a career in cybersecurity: "learning as much as he can about web applications, mobile security, and internet infrastructure—'everything that's relevant to a pentesting role.'"
- Bug bounty hunting: "He said he found flaws in two popular messaging apps and got a bug bounty through the company's programs."
- Expressing remorse: "I think a lot of the stuff was more serious than I thought at the time, [I] didn't realize how serious it was until I was charged."
Lessons Learned (Or Not Learned)
The CWA case highlighted critical vulnerabilities in how organizations protect high-value targets. However, many of the fundamental issues they exploited remain problematic today:
Persistent Vulnerabilities:
- Social engineering remains highly effective
- ISP customer service security practices vary widely
- Many organizations still lack comprehensive security training
- The human element continues to be the weakest link in cybersecurity
Impact on Cybersecurity: What CWA Changed
Government Response
Policy Changes:
- Enhanced security protocols for high-ranking officials
- Improved training for telecommunications customer service
- Better coordination between agencies and private sector
- Increased awareness of social engineering threats
Technical Improvements:
- Multi-factor authentication requirements
- Enhanced identity verification procedures
- Better monitoring of high-value accounts
- Improved incident response protocols
Industry Impact
Social Engineering Awareness: The CWA case became a textbook example of social engineering attacks, leading to:
- Enhanced cybersecurity training programs
- Better customer service security protocols
- Improved identity verification systems
- Greater awareness of human-factor vulnerabilities
Cultural Shift:
- Recognition that teenagers could pose serious national security threats
- Understanding that political motivation drives sophisticated attacks
- Awareness that simple techniques can compromise complex systems
- Realization that social media amplifies attack impact
The Broader Context: Teen Hackers in the Digital Age
The Anonymous Legacy
CWA represented a new generation of hacktivist groups: "In some ways, CWA were the children of Anonymous—if the hacktivist group spawned teenage rebels without a cause and with a pinch of self-deprecation."
Characteristics of Teen Hacker Groups:
- Political motivation mixed with desire for attention
- Social media as primary platform for showcasing attacks
- Sophisticated understanding of social engineering
- Lack of awareness regarding legal consequences
The Palestine Connection
CWA's political motivation centered on Palestinian activism and opposition to U.S. foreign policy. Gamble stated he was motivated by "US policy towards Palestinians" and aimed to "raise awareness for the situation in Palestine and the war in Iraq."
This highlights how global political issues can motivate cyber attacks against any nation, regardless of the attackers' technical capabilities or geographic location.
Modern Implications: What CWA Teaches Us About Today's Threats
Social Engineering Evolution
While CWA's attacks occurred nearly a decade ago, their techniques remain relevant:
Current Variations:
- Vishing 2.0: AI-generated voice cloning for more convincing impersonation
- SIM Swapping: Direct attacks on mobile carriers using similar social engineering
- Business Email Compromise: Sophisticated impersonation targeting corporate executives
- COVID-era Attacks: Exploiting remote work vulnerabilities and changed protocols
The Human Factor Persists
Despite technological advances, the fundamental vulnerabilities CWA exploited remain:
Unchanged Challenges:
- Customer service representatives are still a primary attack vector
- Personal information readily available through data breaches
- Social media provides extensive reconnaissance opportunities
- Psychological manipulation techniques continue to be effective
Defense Strategies:
- Zero Trust Verification: Never rely solely on caller-provided information
- Multi-Channel Authentication: Require verification through multiple independent channels
- Employee Training: Regular security awareness education for all staff
- Incident Response: Rapid detection and response to social engineering attempts
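One way to encode the first two strategies as a help-desk rule, as an added example that is not any carrier's actual procedure: caller-supplied personal details never authorize a sensitive change on their own. The action names, evidence types and 30-day cooling-off period are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical action names for requests that hand over control of an account.
SENSITIVE = {"password_reset", "disclose_account_details",
             "change_recovery_contact", "change_call_forwarding"}
# Evidence that cannot be produced from public records or a prior data breach,
# because it travels over a channel registered before the call began.
OUT_OF_BAND = {"otp_to_registered_device", "callback_to_number_on_file"}
# A freshly changed contact is not yet trusted as a verification channel.
COOLING_OFF = timedelta(days=30)


@dataclass(frozen=True)
class Request:
    action: str
    evidence: frozenset            # e.g. {"kba"} for date of birth, address, etc.
    contact_last_changed: date     # when the contact on file was last edited
    claims_employee: bool = False  # caller says they are staff or a technician
    ticket_verified: bool = False  # confirmed through the internal ticket system


def decide(req, today):
    """Return (decision, reason); decision is 'allow', 'deny' or 'escalate'."""
    # A claimed internal role is itself unverified caller-supplied information.
    if req.claims_employee and not req.ticket_verified:
        return ("deny", "internal caller not confirmed through the ticketing system")
    if req.action not in SENSITIVE:
        if req.evidence:
            return ("allow", "routine request")
        return ("deny", "no verification offered")
    # Knowledge-based answers alone fail here, however many are correct.
    if not (req.evidence & OUT_OF_BAND):
        return ("deny", "only caller-supplied information was presented")
    # Otherwise an attacker could change the contact first, then verify to it.
    if today - req.contact_last_changed < COOLING_OFF:
        return ("escalate", "contact on file changed inside the cooling-off period")
    return ("allow", "verified through a channel registered before the call")


if __name__ == "__main__":
    today = date(2024, 3, 1)        # constructed date for the demonstration
    long_ago = date(2020, 1, 1)
    cases = [
        Request("password_reset", frozenset({"kba"}), long_ago),
        Request("password_reset", frozenset({"kba", "otp_to_registered_device"}), long_ago),
        Request("disclose_account_details", frozenset({"otp_to_registered_device"}),
                long_ago, claims_employee=True),
        Request("change_call_forwarding", frozenset({"callback_to_number_on_file"}),
                date(2024, 2, 27)),
    ]
    for case in cases:
        print(case.action, sorted(case.evidence), "->", decide(case, today))
```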
Prevention and Defense: Learning from CWA
Organizational Security Measures
High-Value Target Protection:
- Enhanced Personal Security: Special protocols for executives and officials
- Information Compartmentalization: Limit personal information exposure
- Dedicated Support Channels: Secure communication methods for account issues
- Regular Security Assessments: Ongoing evaluation of personal digital security
Technical Controls:
- Advanced Authentication: Hardware tokens and biometric verification
- Account Monitoring: Real-time alerts for unusual account activity
- Network Segmentation: Isolated systems for sensitive communications
- Regular Audits: Continuous assessment of security controls
Individual Protection Strategies
Personal Security Hygiene:
- Use unique, complex passwords for all accounts
- Enable multi-factor authentication wherever possible
- Limit personal information sharing on social media
- Be skeptical of unsolicited contact attempts
Social Engineering Awareness:
- Verify identity through independent channels
- Never provide sensitive information over phone or email
- Be suspicious of urgent requests or pressure tactics
- Maintain healthy skepticism about authority claims
The Psychology of Teen Hackers: Understanding the Motivation
Why Teenagers Become Elite Hackers
Developmental Factors:
- Risk-Taking Behavior: Adolescent brain development encourages risk-taking
- Identity Formation: Hacking provides sense of identity and belonging
- Authority Challenges: Natural teenage rebellion channeled into cyber attacks
- Instant Gratification: Immediate feedback from successful attacks
Technical Advantages:
- Time Availability: School schedules allow extensive computer time
- Learning Agility: Young minds adapt quickly to new technologies
- Social Networks: Online communities provide knowledge sharing
- Low Risk Perception: Limited understanding of legal consequences
The Path from Curiosity to Crime
The Progression:
- Initial Interest: Curiosity about how systems work
- Skill Development: Learning through online communities and resources
- First Success: Small victories build confidence and addiction
- Social Connection: Finding like-minded individuals online
- Escalation: Increasingly ambitious targets and methods
- Political Justification: Adopting causes to rationalize illegal activity
Conclusion: The Enduring Legacy of Crackas With Attitude
The story of CWA serves as a powerful reminder that in cybersecurity, sophistication doesn't always win—sometimes simple, well-executed social engineering can defeat the most advanced technical defenses. As security expert Adrian Shahbaz noted, "With so much emphasis on sophisticated Chinese cyber-attacks, we miss the bigger security risk of social engineering."
Key Lessons from the CWA Case:
Technology Isn't Everything: The most advanced cybersecurity systems are only as strong as their weakest human link. CWA proved that teenagers with basic social engineering skills could outmaneuver billion-dollar intelligence agencies.
Motivation Matters: Political motivation can drive individuals to take extraordinary risks and achieve remarkable results. Understanding attacker psychology is crucial for effective defense.
Social Media Amplifies Impact: The combination of successful attacks and social media broadcasting creates reputational damage that far exceeds the technical impact of the breaches themselves.
International Cooperation Is Essential: Modern cyber threats require unprecedented cooperation between law enforcement agencies across national boundaries.
Prevention Is Better Than Cure: The cost of implementing proper security controls is always less than the cost of recovering from a successful attack.
The Human Element in Cybersecurity
The CWA story ultimately highlights that cybersecurity is fundamentally about people, not just technology. As Kane Gamble himself reflected: "I'm not that person anymore [...] I was young and stupid." This transformation from teenage hacker to cybersecurity professional illustrates the potential for redemption and the importance of channeling technical skills toward constructive purposes.
For cybersecurity professionals, the CWA case provides a masterclass in social engineering techniques and a stark reminder that threats can come from the most unexpected sources. A 15-year-old with a smartphone and internet connection can pose a greater threat to national security than a well-funded criminal organization if they understand human psychology and have the motivation to act.
Looking Forward
As we move deeper into the digital age, the lessons from CWA remain more relevant than ever. Social engineering attacks continue to evolve, but the fundamental vulnerabilities they exploited—human trust, helpful customer service, and interconnected digital systems—persist.
The challenge for organizations is not just to implement technical controls, but to create a security culture that recognizes and mitigates human-factor risks. This means training employees to be appropriately skeptical, implementing robust verification procedures, and maintaining awareness that the next major breach might come not from a sophisticated nation-state actor, but from a teenager in their bedroom who's figured out how to manipulate the helpful person answering the phone at your ISP.
The kids who hacked the CIA showed us that in cybersecurity, sometimes the most dangerous adversaries are the ones you least expect. Their story serves as both a cautionary tale and a call to action: in our interconnected world, security is everyone's responsibility, and complacency is the greatest vulnerability of all.
This article is based on publicly available court records, news reports, and documented cybersecurity incidents. The techniques described should only be used for educational purposes and authorized security testing. Unauthorized access to computer systems is illegal and can result in serious criminal penalties.
