Hacker Claims Major Intrusions to Government Agencies. FBI Agrees.

Posted on December 17th, 2013 by Dan Rampe


Hacker Lauri Love brags in an email to a colleague that he and others from Anonymous hacked into “stuff [that’s] really sensitive. It’s basically every piece of information you’d need to do full identity theft on any employee or contractor” for the breached agency. Then again, as the old saying goes, it’s not bragging if you can actually do it. And a look at the FBI memo quoted in Dan Goodin’s story on arstechnica.com is a strong indication the FBI didn’t think for a moment Love was bragging. “The majority of the intrusions have not yet been made publicly known,” the memo stated. “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”

An email from Energy Secretary Ernest Moniz’s chief of staff, Kevin Knobloch, cited in a Reuters story, described the scope of the breaches. He said the compromised data included information on approximately 2,000 bank accounts and personal information on at least 104,000 employees, contractors, family members, and others associated with the Department of Energy.

Love, a British resident, has been indicted on charges that he hacked into databases belonging to the Department of Energy, the Department of Health and Human Services, the US Sentencing Commission, and others.

In a series of attacks the FBI believed began almost a year ago, Love, say prosecutors, exploited a flaw in Adobe’s ColdFusion Web application development software to install backdoors that allowed him and others to return to steal data. Illegal access was gained to thousands of computer systems belonging to the U.S. government and others. Love and others were able to download massive quantities of data, allegedly resulting in millions of dollars in damages to victims.

According to Reuters, an Adobe spokesperson said the vulnerabilities in ColdFusion had already been fixed in newer releases.

ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
