icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
25 Jul, 2014 21:04

Brit accused of hacking the Fed hit with new charges by the FBI

Brit accused of hacking the Fed hit with new charges by the FBI

Federal authorities in the United States have unsealed their fourth set of charges in nine months against Lauri Love, a 29-year-old British man accused of hacking US government and private sector websites.

On Thursday this week, the Federal Bureau of Investigation announced that a grand jury in the Eastern District of Virginia has indicted Love on new charges of conspiracy, causing damage to a protected computer, access device fraud and aggravated identity theft; he faces a maximum sentence of 12 years in prison if found guilty of the latest counts.

Love was the subject of a criminal complaint filed in that district last October, and in the months since has been indicted by federal prosecutors in the states of New Jersey and New York over related accusations, including his alleged participation in computer intrusions waged by the hacktivist group Anonymous against the US Federal Reserve and others.

In recent weeks, UK officials said they had released Love from his local bail conditions and would not be pursuing further charges against him there, the BBC reported. Love’s UK attorney, Karen Todner, previously told reporters that she was “vehemently opposed” to any efforts to extradite her client to the US, and said, “If Mr. Love is to face charges that they should be, and will be, in the UK.”

According to the indictment unsealed this week, federal prosecutors in the States believe that Love and unnamed coconspirators accessed without authorization the computer networks of the US Department of Energy and the Department of Health and Human Services, along with the US Sentencing Commission, the FBI’s Regional Computer Forensic Laboratory and two private companies — Deltek, Inc. and Forte Interactive, Inc. of Virginia and Florida, respectively — as well as four unnamed residents of the Eastern District of Virginia whose credit card information was allegedly compromised during the hacking campaign along with that of “thousands” of others. To do as much, authorities say, Love and his alleged coconspirators exploited a vulnerability in ColdFusion, an Adobe-sold product designed to administer websites and databases.

“After gaining unauthorized access to the protected servers, Love and his conspirators obtained administrator-level access to the networks using custom file managers, which allowed the conspirators to upload and download files, as well as create, edit, remove and search for data,” the FBI’s Washington Field Office alleged in a press release that announced this week’s indictment. “Love unlawfully obtained massive amounts of sensitive and confidential information stored on those computers, including more than 100,000 employee records with names, Social Security numbers, addresses, phone numbers and salary information, along with more than 100,000 financial records, including credit card numbers and names.” Prosecutors say the hacks caused total losses in excess of $5 million.

The latest indictment piles further charges on top of the counts already lobbed against Love in that district last October when authorities first accused him of hacking the DOE, HHS, Sentencing Commission and FBI lab. On Friday, a representative for the Eastern District of Virginia told RT that the new charge sheet containing Deltek, Forte and four unknown individuals as victims supersedes the charges contained in the original complaint.

According to the latest allegations, Love hacked into Deltek’s network on or around July 3, 2013, then pilfered “confidential and sensitive data and property” including the “financial information included approximately 23,000 credit card numbers and the associated names, and the employee access information included approximately 80,000 usernames and passwords.” One month later, authorities say, Love took “names, addresses, phone numbers, email addresses and credit card numbers with expiration dates and items purchased” from Forte’s servers.

However, Deltek — an enterprise software company that largely serves federal contractors — did not acknowledge the breach until April 2014, nine months after the FBI believes Love and his coconspirators compromised the network. It was only then three months ago that Michael Corkery, Deltek’s CEO, confirmed that the company’s servers had been breached in late 2013 but remained undetected until March 13 of this year.

"We have remedied the security vulnerability that we believe the hacker exploited in order to gain unauthorized access to our GovWin IQ system," Corkery wrote at the time. "We have increased the overall security of GovWin IQ, including by reviewing and improving our data security procedures and changing our practices for handling personal information."

When Deltek disclosed news of the breach, a former employee told NextGov that he believed hackers had hit the company “in tandem with a series of strikes on government agencies and financial institutions.” As RT reported previously, the Anonymous-led attack against the Federal Reserve and Sentencing Commission in which Love is alleged to have participated in during early 2013 were explained by hacktivists at the time of the hack as being responses to the prosecution of Aaron Swartz, a computer prodigy who committed suicide in January 2013 while awaiting trial to face hacking charges of his own.

FreeAnons, a group that fundraises on behalf of alleged members of Anonymous and aims to assist with their legal defenses, said in a statement on Friday that “it would be reasonable to assume” that US authorities are now championing to have Love extradited to America. Love’s attorney, Todner, did not respond immediately to RT’s request for comment on Friday about the potential for extradition.

“It is our policy not to comment on matters of extradition unless they are completed,” a spokesperson for the United States Attorney’s Office for the Eastern District of Virginia added to RT.

But Irish hacker Darren Martyn, a former member of the notorious Anonymous offshoot LulzSec who has eluded charges in the US for more than two years, told RT’s Andrew Blake on Friday that he believes any attempt by the feds to bring Love to America would prove unsuccessful.

“US indictments mean nothing outside the US,” said Martyn, who served no time in Ireland for hacking but believes he is still under indictment in the States. “Free Love,” he added.

Podcasts
0:00
25:26
0:00
14:40