view counter

CybersecurityHacktivists have been stealing information from U.S. computers for a year

Published 22 November 2013

The FBI reports that activist hackers linked to the group Anonymous have been accessing the computers of numerous government agenciesfor almost a year, and stealing sensitive information. The hackers took advantage of a flaw in Adobe Systems’ColdFusion software to launch a series of intrusions which began December 2012, and then left “back doors” to return to the computers multiple times.

The Federal Bureau of Investigation (FBI) reports that activist hackers linked to the group Anonymous have been accessing the computers of numerous government agenciesfor almost a year, and stealing sensitive information. The hackers took advantage of a flaw in Adobe Systems Inc’s ColdFusion software to launch a series of intrusions which began December 2012, and then left “back doors” to return to the computers multiple times, as recent as last month.

ColdFusion is an Adobe software used by several companies to build Web sites. Adobe spokeswoman Heather Edell, said the majority of attacks involving ColdFusion have exploited systems which were not updated with the latest security patches.

CRN reports that according to an FBI memo, the FBI described the attacks as “a widespread problem that should be addressed.” The security breach is said to have affected the U.S. Army, Department of Energy (DOE), Department of Health and Human Services (HHS), and perhaps several other agencies.

The FBI continues to gather information to understand the scope of the case, and the agency has issued a notice to system administrators providing methods to determine whether a system has been compromised. 

Reuters reports that an internal e-mail from Kevin Knobloch, chief of staff for Energy Secretary Ernest Moniz, notes that the stolen data included personal information on at least 104,000 employees and individuals associated with DOE, along with information in almost 2,000 bank accounts.

Previous intrusions by Anonymous include the attack on Sony which disrupted its PlayStation network for weeks; the assault on PayPal after PayPal stopped processing donations to anti-government privacy site, Wikileaks; and an attack on security firm HBGary in which thousands of sensitive emails were leaked to the public.

CRN notes that members of Anonymous have claimed that their recent attacks were in retaliation for the prosecution of hackers, including Jeremy Hammond, who was sentenced last week to ten years in prison for his role in the attacks on the private security intelligence firm Stratfor. Stratfor acknowledged that its systems were breached and hackers used stolen credit card data to charge $700,000 worth of fraudulent donations to nonprofit groups.

“The majority of the intrusions have not yet been made publicly known,” according to the FBI. “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”

view counter
view counter