UK Man Indicted for Hacking in U.S.

Wednesday, October 30, 2013 @ 04:10 PM gHale


A United Kingdom man is facing charges of breaching thousands of computer systems in the United States and elsewhere – including the computer networks of federal agencies – to steal massive quantities of confidential data.

Lauri Love, 28, of Stradishall, England, is facing one count of accessing a U.S. department or agency computer without authorization and one count of conspiring to do the same, according to a federal indictment handed up from the New Jersey U.S. Attorney’s office.

RELATED STORIES
Charges Filed in Cyber Fraud Case
4 Dutch Men Face Cyber Theft Charges
Identity Theft Service Suspect Arrested
Feds Bust 2 in Skimming Device Scam

An investigation led by the U.S. Army Criminal Investigation Command-Computer Crime Investigative Unit and the FBI in Newark found Love illegally infiltrated U.S. government computer systems – including those of the U.S. Army, U.S. Missile Defense Agency, Environmental Protection Agency and National Aeronautics and Space Administration – resulting in millions of dollars in losses.

Law enforcement authorities in the United Kingdom, including investigators with the Cyber Crime Unit of the National Crime Agency (NCA), said they arrested Love at his residence Oct. 25. Love faced charges previously in New Jersey on a federal complaint, also unsealed in connection with his arrest. He also faces charges in a criminal complaint in the Eastern District of Virginia related to other intrusions.

According to the indictment, between October 2012 and October 2013, Love and fellow conspirators sought out and hacked into thousands of computer systems. Once inside the compromised networks, Love and his conspirators placed hidden back doors within the networks, which allowed them to return to the compromised computer systems at a later date and steal confidential data.

The stolen data included the personally identifying information (PII) of thousands of individuals, some of whom were military servicemen and servicewomen, as well as other nonpublic material.

Love and his conspirators planned and executed the attacks in secure online chat forums. They communicated in these chats about identifying and locating computer networks vulnerable to cyber attacks and gaining access to and stealing massive amounts of data from those networks. They also discussed the object of the conspiracy, which was to hack into the computer networks of the government victims and steal large quantities of non-public data, including PII, to disrupt the operations and infrastructure of the United States government.

To gain entry to the government victims’ computer servers, Love and conspirators often deployed SQL injection attacks. They also exploited vulnerabilities in the ColdFusion web application platform. Like SQL Injection attacks, this method of hacking allowed the conspirators to gain unauthorized access to secure databases of the victims. Once they got into the network, they created back doors, leaving the system vulnerable and helping them maintain access, officials said.

Love and his conspirators took steps to conceal their identities and illegal hacking activities. To mask their IP addresses, the conspirators used proxy and Tor servers to launch the attacks. They also frequently changed their nicknames in online chat rooms, using multiple identities to communicate with each other.

If convicted, the Love faces a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gross gain or loss from the offense.



Leave a Reply

You must be logged in to post a comment.