Feds: U.K. hacker stole data from Army, defense agency
Prosecutors say his group also broke into EPA, NASA
NEWARK, N.J. — A British hacker stole “massive amounts” of confidential data from the U.S. Army and the Missile Defense Agency, including service members’ personal information, the U.S. government said Monday.
Lauri Love, 28, conspired with two people in Australia and a resident of Sweden, prosecutors said. Together they breached computer systems at the Environmental Protection Agency and NASA, said U.S. Attorney for the District of New Jersey Paul Fishman. Love was arrested Friday at home in Stradishall, England, Fishman said Monday.
“They stole military data and personal identifying information belonging to servicemen and women,” Fishman said in a statement. “Such conduct en- dangers the security of our country and is an affront to those who serve.”
Love stole identifying information of workers at NASA, the Missile Defense Agency and the Army Network Enterprise Technology Command, according an indictment unsealed Monday in federal court in Newark. Criminal complaints were also unsealed in Newark and Alexandria, Va.
Love also hacked into computers at the Department of Health and Human Services, Energy Department, Sentencing Commission and Regional Computer Forensics Laboratory, according to a complaint unsealed in Alexandria. He stole personal information about employees of the computer forensics laboratory and the Federal Bureau of Investigation, according to an arrest complaint filed by the FBI.
Love’s arrest came in connection with an investigation by Britain’s National Crime Agency, Fishman said. He faces up to five years in prison on the New Jersey charges.
The hacking “substantially impaired the functioning of dozens of computer servers” and caused millions of dollars in damage to government agencies, according to the indictment.
“Computer intrusions present significant risks to national security and our military operations,” Daniel Andrews, director of the U.S. Army Criminal Investigation Command’s computer crime investigative unit, said in a statement.
In some attacks, the hackers found weaknesses in Structured Query Language, a type of programming language, the U.S. said. In others, they attacked a Web application platform known as ColdFusion. They placed malicious code that let them maintain access through a so-called back door or shell, according to the indictment.
They communicated using secure Internet chat rooms, where they frequently changed online monikers, prosecutors said.