A memo distributed by the FBI earlier this month described how hackers have been exploiting a flaw in Adobe Systems Inc’s software to launch a “rash of electronic break-ins”. The hacking apparently began in December 2012. The memo, which was read by Reuters, described the attacks as “a widespread problem that should be addressed”.
Those investigating the alleged hacking are still gathering information on the severity of the cyber break-in, which officials believe is still going on. The extent of the damage has yet to be confirmed, though it is said the breach has affected the Department of Energy, the US Army and the Department of Health and Human Services and the possibility of more agencies.
In an internal email sent in October 2013 from Energy Secretary Ernest Moniz’ chief of staff, Kevin Knobloch, the purloined data included the personal information of more than 104,000 employees, family members, contractors and other people associated with the Department of Energy.
The email also stated that information about 2,0000 bank accounts had also been stolen and that officials were “very concerned” that the stolen data could lead to thieving attempts.
Editor’s note: The Reuters’ report has a typo of 2,0000. It is unclear based on other articles if the number is actually 2,000 or 20,000. We will update if more information becomes available. For now, suffice it to say, that bank account info was stolen at least into the thousands. The same reports states: “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”
Who Is Lauri Love?
Officials have also linked the Anonymous hacking to Lauri Love, a 28-year-old British man who was arrested on suspicion of hacking into US military computers. In October this year, Love was arrested, accused of breaching the security of the US military, NASA, the Environmental Protection Agency and FBI computers.
Love’s case has ignited a campaign to fight any possible extradition bid by the United States. Love is being represented by lawyer Karen Todner, who also represented hacker Gary McKinnon. As Top Secret Writers reported, McKinnon recently won his extradition battle against the US.
According to the Reuters report, investigators believe the cyber attacks began when Love and at least three others exploited a security flaw in Adobe’s software, ColdFusion. The ColdFusion software enables the rapid development and deployment of robust Internet operations and is commonly used to build websites.
Talking to Reuters, Heather Edell, a spokeswoman for Adobe said that she was not familiar with the FBI report. Ms. Edell added that the majority of attacks involving Adobe software have been exploited in programs that had not been updated with the latest security tools.
The Anonymous Group of Hackers
This is not the first time in 2013 that Anonymous made the headlines. Just last month, TSW wrote about a video that was published on YouTube which announced that a march was going to take place on November 5, 2013.
Supporters of the Anonymous hacktivist collective held rallies around the world on Guy Fawkes Night this year, protesting what they regard as greedy corporate and corrupt government rule.
Anonymous’ hacking activities have not been confined to US federal agencies. The activists’ loathing of corporations and corporate greed is evidenced by the fact Anonymous hackers attacked PayPal’s website. Reports have recently emerged that a group of 13 defendants acknowledged taking part in a protest organised by Anonymous after PayPal cut ties to Wikileaks.
Earlier this month, 13 people pleaded guilty to helping disable the online payment provider PayPal. The cyber-attack was part of a protest that authorities believe was organised by Anonymous. According to the Vancouver Sun, the protest was organised in December 2010 by Anonymous after the Ebay-owned PayPal broke ties with the anti-secrecy website when it released more than 700,000 leaked government documents.
Two more large corporations that have fallen victim to Anonymous attacks were Sony Corp and the security company, HBGary Federal. In 2011, Anonymous began attacking websites owned by the Sony brand to protest the company’s lawsuits against PlayStation 3 hackers.
The latest Anonymous campaign focused on major US agencies that have been associated with “Operation Last Resort.” Campaigners have stated that this Anonymous operation is in retaliation for the “overzealous prosecution of hackers”, as stated by Reuters.
Reference was made specifically to the lengthy penalty sought for Aaron Swartz, a notorious IT programmer and Internet activist who was involved in the development of the web format RSS. In January 2011, Swartz was arrested by the Massachusetts Institute of Technology Police Department on charges of breaking and entering after he had downloaded academic journal articles for the digital library Journal Storage.
Two years later, shortly after the prosecution denied Swartz’s lawyer a second offer of a plea bargain, Swartz was found dead in his New York apartment where he had taken his own life.
The group’s latest alleged hacking antics of breaching numerous federal agencies’ computer systems is certainly ruffling the FBI’s feathers. What are your thoughts on the hacking? Share them below in the comments section.