A British man has been arrested and charged with hacking
into different US government networks and then stealing “massive
quantities” of confidential data.
28 year old, British hacker Lauri Love, was arrested by representatives of the recently launched
National Cyber Crime Unit of
the National Crime Agency (NCA) in Stradishall, Suffolk, last Friday
and subsequently charged with one count of accessing a US department or
agency computer without authorisation and one count of conspiring to do
the same. According to an indictment, which was filed in New Jersey,
the attacks took place over the last year, between October 2012 and
October 2013. During this period, Love and associates allegedly hacked
into thousands of networks and systems and placed hidden back doors
within them. This allowed them to return at a later date and then
pilfer confidential data. The data included the personally identifiable
information of members of the military forces.
The attackers communicated using IRC chats to locate and then
identify vulnerable systems. These systems they were able to access by
identifying weaknesses in the
Coldfusion
web application platform that is used by some of the affected
government agencies, it is claimed. Love and associates attempted to
conceal IP addresses by launching the attacks using proxy and Tor
servers, all the while the suspects used multiple identities to
communicate with each other. Love now faces a maximum sentence of five
years in prison if he is convicted, as well as a fine of up to $250,000.
The arrest followed a joint investigation, which was led by the US
army’s Criminal Investigation Command: Computer Crime Investigative Unit
and the FBI. They accused Love of accessing networks belonging to the
US Army,
NASA, the
US Environmental Protection Agency and the US Missile Defence Agency, thereby causing millions of dollars in damages.
US attorney Paul J Fishman said, “According to the indictment, Lauri
Love and conspirators hacked into thousands of networks, including many
belonging to the United States military and other government agencies…As
part of their alleged scheme, they stole military data and personal
identifying information belonging to servicemen and women. Such conduct
endangers the security of our country and is an affront to those who
serve.”
The US Army Criminal Investigation Command’s Computer Crime
Investigative Unit praised UK authorities for their assistance in the
arrest. The unit’s director Daniel Andrews said, “The borderless nature
of Internet-based crime underscores the need for robust law enforcement
alliances across the globe…We appreciate the bilateral support of the
National Crime Agency in bringing cyber criminals to justice.”