WASHINGTON – A British man whom prosecutors described as a “sophisticated and prolific computer hacker” has been charged in connection with cyberattacks in which he illegally accessed the personal information of U.S. soldiers and government employees, and obtained other information about budgets, contracts and the demolition of military facilities, authorities said Monday.
Lauri Love, 28, was taken into custody Friday at his home in Stradishall, England, and faces charges in federal courts in Virginia and New Jersey in the attacks, which authorities said caused millions of dollars in losses. Apparently motivated by a desire to wreak havoc on the U.S. government, Love and those working with him were able to infiltrate the computer systems of entities, including the Environmental Protection Agency and the Missile Defense Agency, authorities said in court records.
Love is accused of planning the attacks, which spanned from October 2012 through August, with others in online chats. The group members used somewhat sophisticated techniques known as “SQL injection” attacks and “ColdFusion” exploits, and they left themselves surreptitious paths back into government computer systems after they first accessed them, authorities said.
The group targeted federal websites and systems they thought might be weak, including those for the Department of Health and Human Services, the U.S. Sentencing Commission and the Department of Energy, court records say. Among the data accessed were information about the demolition of military facilities, stolen from U.S. Army Corps of Engineers servers; competitive bid data, stolen from an Army Contracting Command database; and defense program budgeting data, stolen from the military’s Plans, Analysis, and Integration Office, according to an indictment in the case.
The group is also accused of stealing the personal information of more than 4,000 people in a Missile Defense Agency database and similar information on NASA employees. In one online chat, Love, who sometimes used the handle “peace,” boasted that he had swiped “basically every piece of information you’d need to do full identity theft on any employee or contractor,” according to the indictment.
In the case of the Sentencing Commission, court records say, the aim of the group was more political: It altered the commission’s website to display a video criticizing the sentencing guidelines for Internet-related crimes.
It is unclear whether the hackers accessed information that might specifically endanger national security; a Defense Department spokesman said that he was “not going to comment on breaches that may have taken place in our networks or systems.”