Threat Group: CWA
Aliases
Crackas With Attitude // DotGovs
Criminal History:
- Social engineering of several high-ranking government officials
- Posting Personally Identifiable Information (PII) of ~30k government and military officials
- Social engineering and posting PII of several high-ranking government officials' family members
CWA, or Crackas With Attitude, is a now-defunct hacking collective that specialized in social engineering. Their technical skillset seemed to be rather limited, but their ability to cover their tracks for over a year while gaining access to the email accounts, databases, and personal accounts of several high-ranking officials and government organizations made up for what they lacked in technical expertise. Even more shocking, many of them were under the age of twenty, having met each other in high school shortly before beginning their hacking campaign.
CWA's primary motivation was the Free Palestine Movement, an activist cause centered around gaining autonomy for Palestine and ridding the country of Israeli influence. This is one reason why many falsely labeled them as an Anonymous spinoff, as the Free Palestine Movement is one of the decentralized collective's primary flags to rally around. After gaining access to the Joint Automated Booking System (JABS) database, they accessed and leaked documents pertaining to the arrest of Jeremy Hammond, an infamous hacker who fought under the Anonymous flag.
CWA, however, was a fully autonomous group that occasionally had mission overlap with the Anonymous collective. Their core membership was only about five strong, with Cracka and Cubed in joint leadership of the collective, and IncursioSubter, DerpLaughing, and Zoom right under them. They shared responsibility, and it does not seem that any one member had more [Social Engineering (SE)](https://en.wikipedia.org/wiki/Social_engineering_(security)) or technical skill than the others. The PR for the group was mainly over Twitter and through Vice Motherboard reporter Lorenzo Franceschi-Bicchierai. A collection of the CWA articles in Motherboard can be found here.
Now on to their achievements
CWA was responsible for the dumping (doxing) of close to 30,000 government and military personnel's information. This included names, job titles, phone numbers, states where the employees worked, and email addresses, and may have led to several undercover agents having their cover blown.
While this was the biggest volume of information leaked by the collective, it was not the highest-profile leak. The CWA also hacked the personal accounts of the Director of National Intelligence James Clapper, CIA Director John Brennan, a former senior executive of the National Geospatial-Intelligence Agency, the Miami Police Department, and other systems associated with US intelligence.
Not only did they access the accounts of these officials, but several times they trolled their targets, redirecting house and office calls to the Free Palestine movement and posting vulgar statements on their social media pages.
Author's Opinion
Now for the part where I tell you why this is important. Most of the group has been arrested, resulting in a defense funding page for their legal fees. On the day of writing, two of the hackers were sentenced to two years in prison, a relatively short sentence considering the crime.
So why is an old case of young men with too much time on their hands important?
The CWA hacking collective drew attention to the danger of social engineering. This includes everything from password security to multi-factor authentication. ISPs and telephone carriers should also be held accountable for so easily giving out customer information. This case should bring to light how important it is to train the public, and the workers at ISPs and cell carriers, in protecting their identities.