British man accused of hacking US military servers, planting backdoors

HackerA joint investigation by the UK's National Crime Agency and the FBI has culminated with the arrest of a British man, alleged to have hacked US government and military computer systems.

28-year-old Lauri Love from Stradishall, Suffolk, is suspected of hacking into systems on servers belonging to - amongst others - the Pentagon's Missile Defence Agency, NASA and the Environmental Protection Agency.

US prosecutors have filed an indictment in a federal court in Newark, New Jersey, which reveals more details of the case.

Love is accused of working with at least three other individuals based in Sweden and Australia who are, as yet, unnamed. The alleged hackers are said to have exploited vulnerabilities on US government and military systems, planting backdoors which allowed them to return at a later date to steal sensitive information.

The intrusions identified in the indictment are as follows:

Date

Organization

Location

Type of Attack

Data Involved

Oct. 2-6, 2012

Army Corps - Engineer Research and Development Center

Vicksburg, Miss.

ColdFusion

demolition and disposal of military facilities

Oct. 6, 2012

Army Corps

Vicksburg, Miss.

ColdFusion

natural resource management

Oct. 6-9, 2012

U.S. Army – Network Enterprise Technology Command

Aberdeen Proving Ground, Md.

SQL Injection

PII (more than 1,000 individuals)

Oct. 7,8, 2012

U.S. Army – Army Contracting command

Redstone Arsenal, Ala.

SQL Injection

nonpublic competitive acquisition bid data and attachments

Oct. 9, 2012

U.S. military – Plans and Analysis Integration Office

Aberdeen Proving Ground, Md.

ColdFusion

defense program budgeting data

October 2012

U.S. Department of Defense – Missile Defense Agency

not specified in indictment

ColdFusion

PII (more than 4,000 individuals)

Dec. 23, 2012

Army Corps - Engineer Research and Development Center

Vicksburg, Miss.

ColdFusion

not specified in indictment

Jan. 11, 2013

U.S. Army War College – Strategic Studies Institute

Carlisle, Pa.

ColdFusion

not specified in indictment

July 10, 2013

National Aeronautics and Space Administration

not specified in indictment

ColdFusion

PII of numerous NASA employees

Jan. 3, 2013

Environmental Protection Agency - Federal Facilities Environmental Stewardship and Compliance Assistance Center

Newark, Del.

ColdFusion

non-PII personnel data

Budget information and the personal information of thousands of military personnel are said to be amongst the information accessed by Love.

"Computer intrusions present significant risks to national security and our military operations," said Daniel Andrews, director of the U.S. Army Criminal Investigation Command’s Computer Crime Investigative Unit. “The borderless nature of Internet-based crime underscores the need for robust law enforcement alliances across the globe. We appreciate the bilateral support of the National Crime Agency in bringing cyber criminals to justice."

Love has been released on bail until February 2014.

There's no doubt that the American authorities are still smarting after their 10-year battle to extradite British hacker Gary McKinnon, who broke into Pentagon systems after 9/11 searching for secret files detailing UFOs extraterrestial life, ended in failure.

In the wake of that high-profile legal fight, it's a very brave (or foolhardy) person who targets the US military with a hacking attack. If the US crime fighters believe that they have caught a hacker who has stolen secret information, and embarrassed them by exposing weaknesses on their systems, they are likely to do everything they can to come down like a ton of bricks.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

No comments yet.

Leave a Reply