A British man has been arrested and charged with hacking into different US government networks and then stealing “massive quantities” of confidential data.
28 year old, British hacker Lauri Love, was arrested by representatives of the recently launched National Cyber Crime Unit of the National Crime Agency (NCA) in Stradishall, Suffolk, last Friday and subsequently charged with one count of accessing a US department or agency computer without authorisation and one count of conspiring to do the same. According to an indictment, which was filed in New Jersey, the attacks took place over the last year, between October 2012 and October 2013. During this period, Love and associates allegedly hacked into thousands of networks and systems and placed hidden back doors within them. This allowed them to return at a later date and then pilfer confidential data. The data included the personally identifiable information of members of the military forces.
The attackers communicated using IRC chats to locate and then identify vulnerable systems. These systems they were able to access by identifying weaknesses in the Coldfusion web application platform that is used by some of the affected government agencies, it is claimed. Love and associates attempted to conceal IP addresses by launching the attacks using proxy and Tor servers, all the while the suspects used multiple identities to communicate with each other. Love now faces a maximum sentence of five years in prison if he is convicted, as well as a fine of up to $250,000. The arrest followed a joint investigation, which was led by the US army’s Criminal Investigation Command: Computer Crime Investigative Unit and the FBI. They accused Love of accessing networks belonging to the US Army, NASA, the US Environmental Protection Agency and the US Missile Defence Agency, thereby causing millions of dollars in damages.
US attorney Paul J Fishman said, “According to the indictment, Lauri Love and conspirators hacked into thousands of networks, including many belonging to the United States military and other government agencies…As part of their alleged scheme, they stole military data and personal identifying information belonging to servicemen and women. Such conduct endangers the security of our country and is an affront to those who serve.”
The US Army Criminal Investigation Command’s Computer Crime Investigative Unit praised UK authorities for their assistance in the arrest. The unit’s director Daniel Andrews said, “The borderless nature of Internet-based crime underscores the need for robust law enforcement alliances across the globe…We appreciate the bilateral support of the National Crime Agency in bringing cyber criminals to justice.”