October 29, 2013
UK Hacker Arrested, Charged With Infiltrating US Military Networks
Peter Suciu for redOrbit.com - Your Universe Online
US authorities on Monday announced that a UK hacker, who had reportedly stolen “massive amounts” of confidential data from the US Army and the US Missile Defense Agency, had been arrested. Lauri Love, apparently infiltrated thousands of computer systems belonging to the United States military, as well as NASA and the Environmental Protection Agency (EPA).
Love, 28, and three unnamed co-conspirators, breached the systems and stole confidential data, which included personal information, resulting in millions of dollars in losses.
Love was arrested at home in Stradishall, England on October 25, according to New Jersey US Attorney Paul Fishman. Love had been previously charged in New Jersey by federal complaint, which was unsealed in connection with the arrest. He is further charged in a criminal complaint in the Eastern District of Virginia with alleged conduct that is related to those other intrusions.
“According to the indictment, Lauri Love and conspirators hacked into thousands of networks, including many belonging to the United States military and other government agencies,” said US Attorney Fishman via an official statement. “As part of their alleged scheme, they stole military data and personal identifying information belonging to servicemen and women. Such conduct endangers the security of our country and is an affront to those who serve.”
Love’s arrest reportedly came in connection with an investigation conducted by the United Kingdom’s National Crime Agency. He now faces up to five years in prison on the New Jersey charges, but those are far from his only pending court dates. He was also charged with violating Britain’s Computer Misuse Act.
According to the complaint unsealed in Alexandra, Virginia, Love also hacked into computers at the US Department of Health and Human Services, the Energy Department, Sentencing Commission and Regional Computer Forensics Laboratory. He also is charged with stealing personal information about employees of the computer forensics laboratory and the Federal Bureau of Investigations (FBI).
“Computer intrusions present significant risks to national security and our military operations,” said Daniel Andrews, director of the US Army Criminal Investigation Command’s Computer Crime Investigative Unit via a statement. “The borderless nature of Internet-based crime underscores the need for robust law enforcement alliances across the globe. We appreciate the bilateral support of the National Crime Agency in bringing cyber criminals to justice.”
Love’s co-conspirators are believed to live in Australia and Sweden, and the group is believed to have been hacking the computers from 2012 up until this month. The group was reportedly using secure servers, including those on the Tor network to launch attacks on multiple computer networks, where they further left “back door” malware code that allowed for reentry into the systems.
In some of the attacks the hackers encountered weaknesses in the Structured Query Language (SQL), while in others they utilized a web application platform known as ColdFusion, which placed malware inside the systems.
The group communicated via secure Internet chat rooms, and frequently changed online monikers to throw off authorities. They also used “proxy” and “tor” servers to mask their IP addresses.
If convicted, Love faces a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gross gain or loss from the offense, on each of the two counts in which he is now charged.
The US Defense Department has not commented on this case.