FBI links year-long breach of government systems to Anonymous, report says

Share this article:

By exploiting vulnerable Adobe software, hackers were able to gain the access they needed to steal sensitive data from government computers, reports revealed.

Reuters, which obtained an FBI memo warning of the attacks and linking the incidents to hacktivist group Anonymous, published the details in a Friday article.

According to the outlet, attackers that leveraged the Adobe vulnerability were able to “launch a rash of electronic break-ins” that started last December – which were facilitated with backdoors planted on government machines.

The Department of Energy (DOE), the Department of Health and Human Services, and the U.S. Army were among the breached agencies, Reuters reported.

Several factors – such as the attack method used, the victims of the campaign, and the timing of the incidents – appear to coincide with exploits described in an ongoing case against a British man, who was arrested late last month.

In October, Lauri Love, 28, was charged for his involvement in breaching thousands of computers in and outside of the United States, between October 2012 and October 2013; specifically, those belonging to the U.S. Army and other government agencies.

Love allegedly exploited vulnerabilities in Adobe ColdFusion and carried out SQL injection attacks to hack government databases with unnamed co-conspirators in Australia and Sweden. The group is also suspected of planting malware on their targets' systems so they could maintain backdoor access to compromised networks, court documents said.

On Monday, SCMagazine.com reached out to an FBI spokeswoman, who declined to comment on the publicized memo and suspected connection between Love and Anonymous.

According to reports, an Adobe ColdFusion flaw was also used to leverage attacks in the newly revealed campaign being linked to Anonymous.

With their access, attackers were able to steal the personal information of more than 100,000 DOE employees, contractors, family members and others associated with the agency, as well as data on nearly 2,000 bank accounts, Reuters said.

The outlet obtained an internal email from a high-ranking energy official, Kevin Knobloch, chief of staff to Energy Secretary Ernest Moniz, which said on Oct. 11 that the stolen financial data had officials “very concerned” about the potential of fraud.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.