FBI: Anonymous has been exploiting Adobe flaws in year-long, ongoing assault on US government sites

Filed Under: Data loss, Featured, Law & order, Security threats, Vulnerability

FBI sealHackers aligning themselves with the Anonymous brand have been using a flaw in Adobe's software to launch a year-long series of attacks on US government computers that the FBI believes is still ongoing, according to Reuters.

A memo sent out by the US Federal Bureau of Investigations (FBI) on Thursday described the attacks as "a widespread problem that should be addressed", according to the news agency, which says that it's seen the memo.

The FBI said that the hackers exploited a flaw in Adobe's software to breach the US Army, Department of Energy, Department of Health and Human Services, and what ongoing investigations may reveal to be many more federal agencies.

The cyber break-ins began almost a year ago, in December 2012, and included the installation of "back doors" that would enable intruders to get back into the systems as recently as last month, the FBI said in the memo.

Officials linked the ongoing assault with Lauri Love, a British man who in October was charged with hacking into the computer systems of the US army, NASA, and many other federal agencies.

Investigators believe the attacks began when Love and others took advantage of a security flaw in Adobe's ColdFusion web application development platform.

Reuters also referred to an internal email dated 10 October from Energy Secretary Ernest Moniz's chief of staff, Kevin Knobloch.

The email described the breached data as including the personal information of at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with information on thousands of bank accounts.

Officials are reportedly "very concerned" that loss of the banking information could lead to attempts to swindle funds out of accounts.

Some of the breaches and pilfered data in this campaign have been publicized by self-proclaimed Anonymous members, as part of what the group calls "Operation Last Resort".

Aaron SwartzOperation Last Resort purportedly demands that the US reform its computer crime law in the wake of Aaron Swartz's suicide.

Attacks carried out under the operation may have included the February 2013 hack of the US Federal Reserve during the Super Bowl, which might have also been enabled by ColdFusion vulnerabilities.

Other Operation Last Resort attacks, which began about a year ago, involved installing the Asteroids game on hacked sites belonging to US sentencing and probation agencies.

Besides such publicized intrusions, however, lies an undetermined number yet to be discovered, the FBI wrote in its memo:

The majority of the intrusions have not yet been made publicly known. It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.

, , ,

You might like

5 Responses to FBI: Anonymous has been exploiting Adobe flaws in year-long, ongoing assault on US government sites

  1. lonervamp@gmail.com · 337 days ago

    When Adobe products are full of holes...and your target uses Adobe products...there should be no surprise. :) ColdFusion was a security problem even 10 years ago, let alone today.

  2. Anonymous · 337 days ago

    "a widespread problem that should be addressed", Really? They've been hacked for over a year and it is only "a widespread problem that should be addressed"! Our tax dollars at work! I am soooooo glad that they are "very concerned". What a pathetically weak-kneed response.

  3. Andrew · 337 days ago

    Time these people are caught and brought to justice

    • smileadon · 337 days ago

      YES...Bring the government to justice!

    • I, Anon · 337 days ago

      I agree. The criminals in the U.S. government must be brought to justice as soon as possible.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.