Anonymous hackers engaged in year-long campaign targeting US govt agencies - FBI

16 Nov, 2013 03:49 / Updated 11 years ago

For the past year, activist hackers from the collective known as Anonymous have accessed US government computers in multiple federal agencies and stolen sensitive information, according to an FBI memo.

Last December, the hackers began a campaign that exploited a flaw in Adobe Systems Inc’s software to break into computers at government entities such as the US Army, the Department of Energy, the Department of Health and Human Services, and likely many more. They maintained “back doors” in order to return to the machines as recently as last month, Reuters reported.

The Federal Bureau of Investigation memo, distributed Thursday and seen by Reuters, called the hacking campaign "a widespread problem that should be addressed."

FBI investigators have yet to pinpoint the scope of the campaign, which is believed to be ongoing. The memo tells system administrators how to determine if their networks were compromised.

According to an Oct. 11 internal email from Department of Energy Secretary Ernest Moniz’s chief of staff, Kevin Knobloch, data stolen during the Anonymous hack on the department included personal information on at least 104,000 employees, contractors, family members, and others, along with information on many bank accounts that officials were “very concerned” could lead to theft.

An FBI spokeswoman would not elaborate on the investigation.

Officials say the hacking campaign is associated with the case of Lauri Love, a British man arrested and charged in October with hacking into systems of the US Army, the US Sentencing Commission, the Department of Energy, and other agencies. He was released on bail until February.

The FBI believes the campaign began when Love and others used a security flaw in Adobe’s ColdFusion software, which is used to construct websites.

Adobe spokeswoman Heather Edell said she was unaware of the FBI memo, but stated the company has found that most attacks on its software happen when programs have not been updated with the latest security.

Some of the data gathered during the "Operation Last Resort campaign had been previously reported by those associated with Anonymous, though "the majority of the intrusions have not yet been made publicly known," the FBI wrote.

"It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed."

Among other causes, Anonymous members that took part in the campaign said it was in retaliation against the overzealous prosecution of hackers, such as the draconian penalties sought for Aaron Swartz, who committed suicide while awaiting trial over his own high-profile hacking activities.

Anonymous authored a statement on the hacked Sentencing Commission website in honor of Swartz. It listed “Operation Last Resort” - the campaign that cited the treatment of Swartz as well as the “erosion of due process, the dilution of constitutional rights [and] the usurpation of the rightful authority of courts by the ‘discretion’ of prosecutors” - as the catalyst for the attack.

Internet activist and Anonymous member Jeremy Hammond, who pleaded guilty to hacking servers of the private intelligence company Statfor and leaking its information to anti-secrecy site WikiLeaks, was sentenced to 10 years in jail on Friday.

As a worldwide movement, Anonymous has in the past rallied in support WikiLeaks and Army soldier-turned-whistleblower Chelsea Manning. The collective supported Arab Spring anti-dictatorship protesters in the Middle East and the Occupy Wall Street movement, which started in New York City over two years ago but has since spread across the world as a means of addressing the overt, allegedly corrupt ties between corporations and authorities.