Attackers allegedly used SQL injection to get into U.S. government computers

Here’s a twist on stories of U.S. agencies spying on the Internet and phone services around the world: British authorities have arrested a man there for being part of a conspiracy that allegedly breached thousands of computer systems in the United States and elsewhere – including the computer networks of federal agencies –  through SQL injection attacks to steal massive quantities of confidential data over the last 12 months.

The move came after federal authorities in New Jersey filed an indictment before a grand jury charging Lauri Love, 28, of Stradishall, England with one count of accessing a U.S. department or agency computer without authorization and one count of conspiring to access the computer.

An investigation led by the U.S. Army Criminal Investigation Command-Computer Crime Investigative Unit and the FBI in Newark revealed that Love allegedly illegally infiltrated U.S. government computer systems – including those of the U.S. Army, U.S. Missile Defense Agency, Environmental Protection Agency and National Aeronautics and Space Administration – resulting in millions of dollars in losses, the U.S. attorney’s office for the district of New Jersey said in a news release.

Love was arrested at his residence last Friday.

Between October 2012 and October 2013, Love and fellow conspirators sought out and hacked into thousands of computer systems, the news release said. Once inside the compromised networks, Love and his conspirators allegedly placed hidden “shells” or “back doors” within the networks, which allowed them to return to the compromised computer systems at a later date and steal confidential data. The stolen data included the personally identifying information of thousands of individuals, some of whom were military servicemen and servicewomen, as well as other nonpublic material.

In addition to using SQL injection attacks, the conspirators allegedly used vulnerabilities in  the Adobe ColdFusion Web application platform.

The news release doesn’t detail exactly how authorities got on to the alleged conspirators, but it does say people planned and executed the attacks in secure Internet relay chats. “They communicated in these chats about identifying and locating computer networks vulnerable to cyber attacks and gaining access to and stealing massive amounts of data from those networks,” the news release says. “They also discussed the object of the conspiracy, which was to hack into the computer networks of the government victims and steal large quantities of non-public data, including PII (personal identifying information), to disrupt the operations and infrastructure of the United States government.”

If convicted, Love faces a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gross gain or loss from the offense, on each of the two counts with which he is charged.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now