BreachExchange mailing list archives
U.K. Hacker Is Charged With Theft of Data From U.S. Army
From: Lee J <lee () riskbasedsecurity com>
Date: Tue, 29 Oct 2013 02:00:36 +1100
http://www.bloomberg.com/news/2013-10-28/u-k-hacker-is-charged-with-theft-of-data-from-u-s-army.html A U.K. hacker stole “massive amounts” of confidential data from the U.S. Army and the U.S.Missile Defense Agency<http://topics.bloomberg.com/missile-defense-agency/>, including personal identifying information of servicemen and women, the U.S. said. Lauri Love, 28, and others also breached computers systems at the U.S. Environmental Protection Agency and the National Aeronautics and Space Administration, according to Paul Fishman, the U.S. attorney in New Jersey. Love was arrested Oct. 25 at home in Stradishall,England<http://topics.bloomberg.com/england/>, said Fishman today. “They stole military data and personal identifying information belonging to servicemen and women,” Fishman said in a statement. “Such conduct endangers the security of our country and is an affront to those who serve.” Love stole personal identifying information of workers at NASA<http://topics.bloomberg.com/nasa/>, the Missile Defense Agency and the Army Network Enterprise Technology Command, according an indictment unsealed today in federal court in Newark, New Jersey <http://topics.bloomberg.com/new-jersey/>. Criminal complaints also were unsealed in Newark and Alexandria, Virginia. The hackers also stole data on the demolition and disposal of military facilities, natural-resource management, defense program budgeting data and nonpublic competitive acquisition bid data, according to Fishman. Love was arrested in connection with an investigation by the U.K.’s National Crime Agency, according to Fishman. He faces as long as five years in prison on the New Jersey charges. ‘Substantially Impaired’ The hacking “substantially impaired the functioning of dozens of computer servers” and caused millions of dollars in damage to government agencies, according to the indictment. Love conspired with two people in Australia<http://topics.bloomberg.com/australia/> and a resident of Sweden <http://topics.bloomberg.com/sweden/> from October 2012 to this month, prosecutors charged. “Computer intrusions present significant risks to national security and our military operations,” Daniel Andrews, director of the U.S. Army Criminal Investigation Command’s computer crime investigative unit, said in a statement. In some attacks, the hackers found weaknesses in Structured Query Language, a type of programming language. In others, they attacked a Web application platform known as Coldfusion. The hackers placed malicious code that allowed them to maintain access through a so-called back door or shell, according to the indictment. They communicated using secure Internet chat rooms, where they frequently changed online monikers, prosecutors charged. The case is U.S. v. Love, U.S. District Court, District of New Jersey ( Newark <http://topics.bloomberg.com/newark/>).
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- U.K. Hacker Is Charged With Theft of Data From U.S. Army Lee J (Oct 30)