Friday, March 7, 2014
The Washington Post
WASHINGTON — A 28-year-old British man whom prosecutors described as a “sophisticated and prolific computer hacker” has been charged in connection with cyberattacks in which he illegally accessed the personal information of U.S. soldiers and government employees, and obtained other information about budgets, contracts and the demolition of military facilities, authorities said Monday.
Lauri Love was taken into custody Friday at his home in Stradishall, England, and faces charges in federal courts in Virginia and New Jersey in the attacks, which authorities said caused millions of dollars in losses. Apparently motivated by a desire to wreak havoc on the U.S. government, Love and those working with him were able to infiltrate the computer systems of entities including the Environmental Protection Agency and the Missile Defense Agency, authorities said in court records.
Love is accused of planning the attacks, which spanned from October 2012 through August, with others in online chats. The group members used somewhat sophisticated techniques known as “SQL injection” attacks and “ColdFusion” exploits, and they left themselves surreptitious paths back into government computer systems after they first accessed them, authorities said.
The group targeted federal websites and systems they thought might be weak, including those for the Department of Health and Human Services, the U.S. Sentencing Commission and the Department of Energy, court records say. Among the data accessed were information about the demolition of military facilities, stolen from U.S. Army Corps of Engineers servers; competitive bid data, stolen from an Army Contracting Command database; and defense program budgeting data, stolen from the military’s Plans, Analysis, and Integration Office, according to an indictment in the case.
The group is also accused of stealing the personal information of more than 4,000 people in a Missile Defense Agency database.