by suprgeek 3897 days ago
I think the REAL story here is that the Director of the Frickin CIA has an AOL e-mail address & AOL e-mail is not the first thing that comes to your mind when you think Security.

Also he thought it was Ok to forward Sensitive Govt. Docs to a non-secured commercial e-mail address.

The amount of almost un-restrained power that these people have vs the very low quality of their InfoSec is truly appalling.

I don't think anyone should be surprised that an intelligence agency - that has repeatedly violated its own country's law, and actively contributed to the weakening of civil rights - be guilty of this sort of negligence. That is exactly what happens when an institution is allowed to grow unchecked, with no or little civilian oversight or consequences for the wrong-doings.

What's scary is that this kind of clueless, and technology illiterate, people are actively involved in shaping the future landscape of massive data collection.

I think we are about to witness, in the next decade, multiple "incidents" where millions, perhaps billions, of private records about innocent citizens will be leaked because of this kind of negligence.

I think people do deserve to be surprised. Competence is not the same as selflessness. Many people routinely question whether the FBI is operating for the good of the country, but most people at least believe that they are good at their job.
If interested in the CIA, you should read "Legacy of Ashes". That book documents how the CIA's biggest flaw through the years has been incompetence.
cf: Competence "What The Khost Bombing Says About The CIA" (Robert Baer) ~ http://www.npr.org/templates/story/story.php?storyId=1247377... and "A Dagger to the CIA" ~ http://www.gq.com/story/dagger-to-the-cia
and I would have gotten away with it too if only it weren't for my one flaw... being incompetent at everything!
I prefer an incompetent adversary over a competent one.
How about ally? Or is it so bad now that the CIA is an adversary, rather than an ally? I am sad that's actually a question.
I'm not sure that the CIA has ever been a real ally of the people in general, but to the extent that they are, it's similar to the inclusion of the USSR in the Allied Powers during World War II.
Nice rant. The last two paragraphs threw me off, though... how exactly is the CIA Director involved in shaping the future landscape of massive data collection?
I don't mean this to seem like a flippant question; have you heard of Edward Snowden?
I do mean this to seem flippant; do you realize the NSA and CIA are not the same thing?
On top of that the previous CIA director was undone by a Gmail account he shared with his mistress. You'd think email security would have come up during the onboarding process. The CIA is an intelligence agency, but its leaders are apparently just regular bureaucrats.
To be fair, being an accomplished member of an agency of foreign affairs, and being in any way competent with information security and being a US citizen in the notice of the highest echelons of our government is asking a lot from a small circle of potential candidates who are predominately far older than your tech savvy computer engineer.

And in most ways, leaving his e-mail to a provider which works with e-mail and has dealt with attacks before, is probably the most sensible thing to do.

And of course, I've read Legacy of Ashes and a few of Robert Baear's books (Beaer?) and understand being accomplished in the world of the CIA is just avoiding political entanglement and not fucking up too badly, but whatever, the point stands ;-).

The sensible thing to do is to leave his work email in his work account. That guidance should be email training 101 as well as common sense. You're not supposed to take classified government documents home with you, and you don't take government property home with you, and you don't send official work email to your random private email account.
He has 24/7 instant access to very high quality opsec though, it doesn't matter that he's old. If he's too old to know any better he doesn't belong anywhere near classified material.
If it makes you feel any better (it won't), anyone else in the company would have been summarily fired and barred from further work in the IC if they had done the same.
I wonder if the primary fallout of this incident will be a government-wide mandatory email security training course.
There already is. It's part of the annual Information Assurance training that everyone has to take to maintain access to networks.
This isn't to excuse his conduct in any way shape or form, but I suspect that every high ranking official in the public or private sector keeps a private e-mail account for conducting business off-the-books.
Or just having a personal email address for non-work reasons. They're still human, even if they're high-level elected officials or CEOs, and they won't have that job/office forever.
> "...where they read several dozen emails, some of them that Brennan had forwarded from his government work address and that contained attachments..."

Sorry, but this doesn't sound like "personal email address for non-work reasons"...

At this point, I feel like the AOL account was actually a clever honeypot.