A British man has been charged in the US with breaking into thousands of American government computer systems to steal “massive quantities” of confidential data.
Lauri Love, 28, and three unnamed co-conspirators, allegedly infiltrated the systems of the US army, US Missile Defence Agency, Environmental Protection Agency and Nasa, resulting in millions of dollars of losses, the New Jersey US attorney’s office said on Monday.
Mr Love was arrested on Friday by officers from the UK’s National Crime Agency’s cyber crime unit under the Computer Misuse Act, which covers crimes committed from within the UK against computers anywhere in the world.
He has been charged with one count of unauthorised accessing of a US department or agency computer and another count of conspiring to do so. He has been released on bail until February.
Paul Fishman, the New Jersey US attorney, said: “As part of their alleged scheme, they stole military data and personal identifying information belonging to servicemen and women. Such conduct endangers the security of our country and is an affront to those who serve.”
The indictment says the hackers’ aim was to “disrupt the operations and infrastructure of the United States government”. If convicted, Mr Love faces up to five years’ imprisonment and a $250,000 fine, or twice the gross gain or loss from each offence.
The Grand Jury indictment says that Mr Love and his conspirators – one based in Sweden and two in Australia – “placed hidden ‘shells’ or ‘back doors’ within the networks, which allowed [them] to return to the compromised computer systems at a later date and steal confidential data”.
It alleges that the data they stole included budgeting information and the personal details of thousands of people including military personnel.
They are said to have identified targets, and planned and conducted attacks in secure online chat forums known as internet relay chats.
According to the indictment, Mr Love said in one chatroom exchange that “you have no idea how much we can f*** with the US government if we wanted to. This . . . stuff is really sensitive”. He is said to have added: “It’s basically every piece of information you’d need to do full identity theft on any employee or contractor for the [government agency].”