November 17, 2013
FBI Memo: Anonymous Has Compromised US Government Websites
redOrbit Staff & Wire Reports - Your Universe Online
Members of the hacking collective known as Anonymous have been secretly accessing US government agency computers for almost a year, according to a Federal Bureau of Investigation (FBI) memo obtained by Reuters last week.As Jim Finkle and Joseph Menn of the international news agency first reported on Saturday, the cyberattacks involved computers in multiple agencies and resulted in the theft of “sensitive information.” The memo claims that Anonymous gained access to the systems by exploiting a flaw in Adobe software last December.
Once they had gained access, the hackers created “back doors” which enabled them to re-visit those machines on multiple occasions, some “as recently as last month,” Finkle and Menn added. The memo was distributed on Thursday and called the attacks a “widespread problem” that had affected the US Army, the Department of Energy, the Department of Health and Human Services, and possibly other federal agencies.
According to Bryan Bishop of The Verge, the attacks used an exploit in Adobe’s ColdFusion software. As for the information that Anonymous was able to steal, Bishop said that an October 11 email from Kevin Knobloch of the Energy Department said that data on more than 100,000 employees from that agency, their family members, and contractors had been taken, along with information pertaining to nearly 2,000 bank accounts.
“The Anonymous attacks are said to be tied to the case of Lauri Love,” he added. “Love is the alleged UK hacker that was charged in October of having compromised computer systems for NASA and the State Department, to name just a few. According to the report, some of the attacks have been mentioned publicly before as part of the Anonymous Operation Last Resort campaign – though the FBI memo reportedly cautions that ‘the majority of the intrusions have not yet been made publicly known.’”
News of the FBI memo comes one day after the sentencing of an Anonymous hackivist who played a role in the leaking of thousands of emails from private intelligence company Stratfor, The Guardian said. That individual, Jeremy Hammond, claimed that an FBI informant had instructed him to hack websites of several international government agencies.
Hammond, who received a 10-year sentence for his crimes, called the ruling a “vengeful, spiteful act” and said that the US government “celebrates my conviction and imprisonment, hoping that it will close the door on the full story. I took responsibility for my actions, by pleading guilty, but when will the government be made to answer for its crimes?”
As for the FBI memo, Reuters reports an agency spokesperson declined to elaborate on the issue, and Adobe spokeswoman Heather Edell said that she was not familiar with the FBI report. Edell also explained that in most incidents, the majority of cyberattacks involving the company’s software occurred when the programs had not been updated with the most recent security patches.