FBI Warns That Anonymous Has Hacked US Government Sites for a Year

WHISTLEBLOWING - SURVEILLANCE, 18 Nov 2013

The Guardian – TRANSCEND Media Service

Official memo says that activist collective launched a rash of electronic break-ins beginning last December.

Campaigners say the Anonymous attacks were in retaliation for overzealous prosecution of hackers. Photograph: Alex Milan Tracy/Demotix/Corbis

Activist hackers linked to the collective known as Anonymous have secretly accessed US government computers and stolen sensitive information in a campaign that began almost a year ago, the FBI warned this week.

The hackers exploited a flaw in Adobe Systems Inc’s software to launch a rash of electronic break-ins that began last December, the FBI said in a memo seen by Reuters, then left “back doors” to return to many of the machines as recently as last month.

The news comes a day after an Anonymous activist received a 10-year sentence for his role in releasing thousands of emails from the private intelligence firm Stratfor. On Friday [15 Nov 2013] Jeremy Hammond told a Manhattan court he had been directed by an FBI informant to break into the official websites of several governments around the world.

Hammond, who called his sentence a”vengeful, spiteful act”, said of his prosecutors: “They have made it clear they are trying to send a message to others who come after me. A lot of it is because they got slapped around, they were embarrassed by Anonymous and they feel that they need to save face.”

He also said the FBI had directed his attacks on foreign websites: “The government celebrates my conviction and imprisonment, hoping that it will close the door on the full story. I took responsibility for my actions, by pleading guilty, but when will the government be made to answer for its crimes?”

The FBI memo about the Adobe Systems attacks, which was distributed on Thursday, described the attacks as “a widespread problem that should be addressed”. It said the breach affected the US army, Department of Energy, Department of Health and Human Services, and perhaps many more agencies.

Officials said the hacking was linked to the case of Lauri Love, a British resident indicted on 28 October for allegedly hacking into computers at the Department of Energy, army, Department of Health and Human Services, the US Sentencing Commission and elsewhere. Investigators believe the attacks began when Love and others took advantage of a security flaw in Adobe’s ColdFusion software, which is used to build websites.

Investigators are still gathering information on the scope of the cyber campaign, which the authorities believe is continuing. The FBI document tells system administrators what to look for to determine if their systems are compromised.

An FBI spokeswoman declined to elaborate.

According to an internal email from Kevin Knobloch, chief of staff to the energy secretary, Ernest Moniz, the stolen data included personal information on at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with information on almost 2,0000 bank accounts. The email, dated 11 October, said officials were “very concerned” that the loss of the banking information could lead to thieving attempts.

An Adobe spokeswoman, Heather Edell, said she was not familiar with the FBI report. She added that the company has found that the majority of attacks involving its software have exploited programs that were not updated with the latest security patches.

The Anonymous group is a collective that conducts multiple hacking campaigns at any time, some with a few participants and some with hundreds. Its members have disrupted eBay Inc’s PayPal after it stopped processing donations to the anti-secrecy site Wikileaks. Anonymous has also launched more sophisticated attacks against Sony Corp and the security firm HBGary Federal.

Some of the breaches and stolen data in the latest campaign had previously been publicised by people who identify with Anonymous, as part of what the group dubbed “Operation Last Resort”. Among other things, the campaigners said the operation was in retaliation for overzealous prosecution of hackers, including the lengthy penalties sought for Aaron Swartz, a well-known computer programmer and internet activist who killed himself before a trial over charges that he illegally downloaded academic journal articles from a digital library known as JSTOR.

Despite the earlier disclosures, “the majority of the intrusions have not yet been made publicly known,” the FBI wrote. “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”

Go to Original – theguardian.com

Share this article: email mastodon facebook 🔗 copy link

DISCLAIMER: The statements, views and opinions expressed in pieces republished here are solely those of the authors and do not necessarily represent those of TMS. In accordance with title 17 U.S.C. section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. TMS has no affiliation whatsoever with the originator of this article nor is TMS endorsed or sponsored by the originator. “GO TO ORIGINAL” links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted may not match the versions our readers view when clicking the “GO TO ORIGINAL” links. This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.

Comments are closed.