cia director email hack
CIA director John Brennan's AOL email account was hacked in 2015. US government departments have suffered a slew of attacks over the past 12 monthsReuters

John Brennan, director of the notoriously secretive US Central Intelligence Agency (CIA) has said that no one is safe from hackers only a few months after his personal email account was breached and the contents leaked online.

In October 2015, WikiLeaks published six documents from Brennans' personal AOL account that included an early version of a government bill on interrogation alongside a number documents outlining the main challenges faced by the intelligence community in the US. Now, speaking to 60 Minutes, the CIA director was asked what he had learned from the ordeal. "It shows that there are ways that individuals can get into the personal emails of anybody," he responded.

There is little doubt it was an embarrassing time for the US government, even if the emails pre-dated Brennan's time at the CIA, it clearly proved that no one, not even a high-profile spy chief, is untouchable.

And while CIA operations are led from Langley, Virginia, the threats from cyber adversaries are now coming from all angles – with China, Iran, North Korea and Russia being the most likely culprits of orchestrating successful cyber attacks against the US. In the interview, Brennan openly admitted it is not only a worry for the agency, but for him personally.

"[The] cyber environment can pose a very, very serious and significant attack vector for our adversaries if they want to take down our infrastructure, if they want to create havoc in transportation systems, if they want to do great damage to our financial networks," he said. "There are safeguards being put in place. But that cyber environment is one that really is the thing that keeps me up at night."

The US has suffered a slew of cyber attacks over the past 12 months, the most damning of which was the incident at the Office of Personnel Management (OPM) that resulted in the loss of millions of sensitive federal records. Most recently, the Department of Homeland Security and the FBI were both caught up in hacking scandals.

Turning off the lights

The CIA director, who has worked for the agency for over 35 years, also said that having cyber 'intent' and cyber 'capabilities' are two very different things when it comes to analysing potential threats.

When asked whether other nations have the capability to 'turn off the lights' of the US he said: "I think fortunately right now those who may have the capability do not have the intent. Those who may have the intent right now I believe do not have the capability. If they had the capability they would deploy and employ those tools."

WikiLeaks
WikiLeaks - led by Julian Assange - published a cache of emails from Brennan's email accountREUTERS

Yet evidence suggests that attacks against such critical infrastructure are on the rise. The most recent case, involving suspected Russian hackers hitting a power grid in Ukraine, clearly demonstrated that such capabilities, and the willingness to use them, are evolving. Yet the US cannot claim to be an innocent player in these matters – frequently being accused of working alongside allies in Israel to attack the critical infrastructure of Iran with computer interference and hacking.

Government spying

In the wake of the Edward Snowden disclosures in 2013, when the former government contractor exposed a vast spying apparatus used by agencies such as the CIA, FBI, NSA and UK's GCHQ, the topics of privacy and surveillance have become ingrained in the public conscious.

Yet according to Brennan, people are often too quick to blame the government and intelligence agencies when it comes to how data and information is collected and exploited. When asked 'is privacy dead?' by interviewer Scott Pelley, he said: "It's interesting that people always point to the government or others in terms of the invasion of privacy.

"But individuals are liberally giving up their privacy, you know, sometimes wittingly and sometimes unwittingly as they give information to companies or to sales reps. Or they go out on Facebook or the various social media – they don't realise though that they are then making themselves vulnerable to exploitation."