U.K. Hacker Is Charged With Theft of Data From U.S. Army

[Lee J <lee () riskbasedsecurity com>]

http://www.bloomberg.com/news/2013-10-28/u-k-hacker-is-charged-with-theft-of-data-from-u-s-army.html

A U.K. hacker stole “massive amounts” of confidential data from the U.S.
Army and the U.S.Missile Defense
Agency<http://topics.bloomberg.com/missile-defense-agency/>,
including personal identifying information of servicemen and women, the
U.S. said.

Lauri Love, 28, and others also breached computers systems at the U.S.
Environmental Protection Agency and the National Aeronautics and Space
Administration, according to Paul Fishman, the U.S. attorney in New Jersey.
Love was arrested Oct. 25 at home in
Stradishall,England<http://topics.bloomberg.com/england/>,
said Fishman today.

“They stole military data and personal identifying information belonging to
servicemen and women,” Fishman said in a statement. “Such conduct endangers
the security of our country and is an affront to those who serve.”

Love stole personal identifying information of workers at
NASA<http://topics.bloomberg.com/nasa/>,
the Missile Defense Agency and the Army Network Enterprise Technology
Command, according an indictment unsealed today in federal court in Newark, New
Jersey <http://topics.bloomberg.com/new-jersey/>. Criminal complaints also
were unsealed in Newark and Alexandria, Virginia.

The hackers also stole data on the demolition and disposal of military
facilities, natural-resource management, defense program budgeting data and
nonpublic competitive acquisition bid data, according to Fishman.

Love was arrested in connection with an investigation by the U.K.’s
National Crime Agency, according to Fishman. He faces as long as five years
in prison on the New Jersey charges.
‘Substantially Impaired’

The hacking “substantially impaired the functioning of dozens of computer
servers” and caused millions of dollars in damage to government agencies,
according to the indictment.

Love conspired with two people in
Australia<http://topics.bloomberg.com/australia/> and
a resident of Sweden <http://topics.bloomberg.com/sweden/> from October
2012 to this month, prosecutors charged.

“Computer intrusions present significant risks to national security and our
military operations,” Daniel Andrews, director of the U.S. Army Criminal
Investigation Command’s computer crime investigative unit, said in a
statement.

In some attacks, the hackers found weaknesses in Structured Query Language,
a type of programming language. In others, they attacked a Web application
platform known as Coldfusion. The hackers placed malicious code that
allowed them to maintain access through a so-called back door or shell,
according to the indictment.

They communicated using secure Internet chat rooms, where they frequently
changed online monikers, prosecutors charged.

The case is U.S. v. Love, U.S. District Court, District of New Jersey (
Newark <http://topics.bloomberg.com/newark/>).

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.