The vast majority of hackers are never caught. If the individual makes a habit of doing this without proper opsec, maybe.
It's a lot easier to get away with hacking than most people make it out to be. When I was 14 years old I hacked one of the largest banks in the UK on a laugh with friends in high school using SQL injection. I didn't steal anything, but I did get access to very sensitive information about many members' accounts. It wouldn't have been difficult to do so and get away with it on a compartmentalized burner laptop with a VPN. Most banks write off relatively "small amounts" and simply eat the loss for the customer.
Young kids who have an aptitude for it pull off immature, amateur hacks like this all the time. Based purely on anecdote I'd say there is likely at least one adolescent in virtually every high school in America who has committed some sort of serious computer fraud.
Now I work in the security industry and just yesterday, I found a vulnerability in a website allowing you to use another user's payment because of an insecure direct object reference combined with clearly sequential payment IDs in the database. The methods evolve, but the core systems have stayed more or less the same and it would not be difficult to exploit this one and get away with it either.
People think this stuff is hard to get away with because of the sensationalized mystique surrounding it in the media. Unless you're very loud, incompetent or a big enough target, it just doesn't usually happen. I've personally spoken to "blackhat" groups that have cleared a few million dollars in a year, allowing each member a roughly top-1% income after laundering for a few hours of "work" per week. They're still around.
I have a suspicion that the CIA knew the identity of this kid and his associates within a few minutes of this Brennan guy figuring out his email had been hacked.
Well I have a [conspiracy] theory that they knew his identity before the hack - perfect way for the director to leak information without being brought to book, send it to an account that can be easily accessed with social engineering.
Or we can go deeper, the CIA director was preparing to do this so the subject-to-be of the docs he wished to leak had his account hacked to expose the flaw and prevent the leak-to-be.
It's a lot easier to get away with hacking than most people make it out to be. When I was 14 years old I hacked one of the largest banks in the UK on a laugh with friends in high school using SQL injection. I didn't steal anything, but I did get access to very sensitive information about many members' accounts. It wouldn't have been difficult to do so and get away with it on a compartmentalized burner laptop with a VPN. Most banks write off relatively "small amounts" and simply eat the loss for the customer.
Young kids who have an aptitude for it pull off immature, amateur hacks like this all the time. Based purely on anecdote I'd say there is likely at least one adolescent in virtually every high school in America who has committed some sort of serious computer fraud.
Now I work in the security industry and just yesterday, I found a vulnerability in a website allowing you to use another user's payment because of an insecure direct object reference combined with clearly sequential payment IDs in the database. The methods evolve, but the core systems have stayed more or less the same and it would not be difficult to exploit this one and get away with it either.
People think this stuff is hard to get away with because of the sensationalized mystique surrounding it in the media. Unless you're very loud, incompetent or a big enough target, it just doesn't usually happen. I've personally spoken to "blackhat" groups that have cleared a few million dollars in a year, allowing each member a roughly top-1% income after laundering for a few hours of "work" per week. They're still around.