A British man has been charged with hacking into the computer systems of the US army, NASA and many other federal agencies.
The 28-year-old from Suffolk, named as Lauri Love, was arrested under the Computer Misuse Act by officers from the UK’s new National Crime Agency. The arrest came after an international investigation led by the US army’s criminal investigation command in conjunction with the FBI in Newark.
Officials say that Love, along with three other alleged hackers from Sweden and Australia, tried to break into networks belonging to America’s Missile Defence Agency, NASA, the US Army Corps of Engineers and an environment agency between October 2012 and October 2013.
US prosecutors described Love as a “sophisticated and prolific computer hacker” who allegedly stole “massive quantities of sensitive data” which, they claim, resulted in “millions of dollars in losses.”
An indictment served in a federal court in Newark, New Jersey said that:
Between October 2012 and October 2013, Love and fellow conspirators sought out and hacked into thousands of computer systems. Once inside the compromised networks, Love and his conspirators placed hidden "shells" or "back doors" within the networks, which allowed them to return to the compromised computer systems at a later date and steal confidential data. The stolen data included the personally identifying information (PII) of thousands of individuals, some of whom were military servicemen and servicewomen, as well as other nonpublic material.
Love, and his three accomplices, allegedly stole data on more than 500 individuals, as well as information about government budgets and the “demolition and disposal of military facilities.”
The 22-page indictment includes alleged extracts from conversations between Love and his co-conspirators. In one, Love, who was active in Scotland during the 2011 Occupy protests, is said to have discussed how the group “might be able to get at real confidential shit” through targeting certain systems.
According to the indictment another alleged conversation said:
This ... stuff is really sensitive. ... It's basically every piece of information you'd need to do full identity theft on any employee or contractor for the [government agency].
It is also claimed that Love, who used the online pseudonyms of ‘nsh’, ‘route’, ‘peace’ and ‘love’, planned to use Twitter and other social media platforms to publicise the attacks.
The US government says that the aim of the co-conspirators was “to disrupt the operations and infrastructure” of the federal government.
US prosecutor Paul Fishman said:
According to the indictment, Lauri Love and conspirators hacked into thousands of networks, including many belonging to the United States military and other government agencies. As part of their alleged scheme, they stole military data and personal identifying information belonging to servicemen and women. Such conduct endangers the security of our country and is an affront to those who serve.
Love, who has not been charged in the UK, has been released on bail until February and could be extradited to the US where, if convicted, he could face up to ten years in prison plus a fine equal to double the financial damage caused.
Andy Archibald, Head of the National Crime Agency’s National Cyber Crime Unit, said:
This arrest is the culmination of close joint working by the NCA, Police Scotland and our international partners.
Cyber-criminals should be aware that no matter where in the world you commit cyber crime, even from remote places, you can and will be identified and held accountable for your actions. The NCA has well developed law enforcement alliances globally and we will pursue and deal robustly with cyber-criminals.
The arrest of Love comes at a time when Conservative MPs are looking to tighten up the UK-US extradition treaty. If amendments to the Anti-social Behaviour, Crime and Policing Bill are agreed then British citizens may be afforded more protection when faced with European Arrest Warrants (EAW) or extradition to the US.
Love may be hoping that such an amendment does comes into force in order to allow him to avoid a similar fate to that of Gary McKinnon.
McKinnon, who has Asperger’s Syndrome, fought a 10-year legal battle to avoid being extradited to the US to answer similar charges of hacking into computer systems run by NASA and the United States military.