A joint investigation by the UK’s National Crime Agency and the FBI has culminated with the arrest of a British man, alleged to have hacked US government and military computer systems.
28-year-old Lauri Love from Stradishall, Suffolk, is suspected of hacking into systems on servers belonging to – amongst others – the Pentagon’s Missile Defence Agency, NASA and the Environmental Protection Agency.
US prosecutors have filed an indictment in a federal court in Newark, New Jersey, which reveals more details of the case.
Love is accused of working with at least three other individuals based in Sweden and Australia who are, as yet, unnamed. The alleged hackers are said to have exploited vulnerabilities on US government and military systems, planting backdoors which allowed them to return at a later date to steal sensitive information.
The intrusions identified in the indictment are as follows:
|Date||Organization||Location||Type of attack||Data involved|
|Oct. 2-6, 2012||Army Corps – Engineer Research and Development Center||Vicksburg, Miss.||ColdFusion||demolition and disposal of military facilities|
|Oct. 6, 2012||Army Corps||Vicksburg, Miss.||ColdFusion||natural resource management|
|Oct. 6-9, 2012||U.S. Army – Network Enterprise Technology Command||Aberdeen Proving Ground, Md.||SQL Injection||PII (more than 1,000 individuals)|
|Oct. 7,8, 2012||U.S. Army – Army Contracting command||Redstone Arsenal, Ala.||SQL Injection||nonpublic competitive acquisition bid data and attachments|
|Oct. 9, 2012||U.S. military – Plans and Analysis Integration Office||Aberdeen Proving Ground, Md.||ColdFusion||defense program budgeting data|
|October 2012||U.S. Department of Defense – Missile Defense Agency||not specified in indictment||ColdFusion||PII (more than 4,000 individuals)|
|Dec. 23, 2012||Army Corps – Engineer Research and Development Center||Vicksburg, Miss.||ColdFusion||not specified in indictment|
|Jan. 11, 2013||U.S. Army War College – Strategic Studies Institute||Carlisle, Pa.||ColdFusion||not specified in indictment|
|July 10, 2013||National Aeronautics and Space Administration||not specified in indictment||ColdFusion||PII of numerous NASA employees|
|Jan. 3, 2013||Environmental Protection Agency – Federal Facilities Environmental Stewardship and Compliance Assistance Center||Newark, Del.||ColdFusion||non-PII personnel data|
Budget information and the personal information of thousands of military personnel are said to be amongst the information accessed by Love.
“Computer intrusions present significant risks to national security and our military operations,” said Daniel Andrews, director of the U.S. Army Criminal Investigation Command’s Computer Crime Investigative Unit. “The borderless nature of Internet-based crime underscores the need for robust law enforcement alliances across the globe. We appreciate the bilateral support of the National Crime Agency in bringing cyber criminals to justice.”
Love has been released on bail until February 2014.
There’s no doubt that the American authorities are still smarting after their 10-year battle to extradite British hacker Gary McKinnon, who broke into Pentagon systems after 9/11 searching for secret files detailing UFOs extraterrestial life, ended in failure.
In the wake of that high-profile legal fight, it’s a very brave (or foolhardy) person who targets the US military with a hacking attack. If the US crime fighters believe that they have caught a hacker who has stolen secret information, and embarrassed them by exposing weaknesses on their systems, they are likely to do everything they can to come down like a ton of bricks.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.