STE WILLIAMS

FBI hunt for seven fugitives involved in multimillion-dollar eBay car scam

The FBI has put out a wanted poster and Interpol has issued red notices looking for help in tracking down a gang of seven swindlers who allegedly ran a $3 million (£1.8m) scam, selling cars that were just figments of their very active imaginations.

The alleged crooks – six of whom are Romanian, one of whom is Albanian – have been indicted for selling fictional cars, motorcycles, boats, and other high-ticket items through sites including eBay, Cars.com, AutoTrader.com, and CycleTrader.com.

The man featured in the wanted poster is Nicolae Popescu, a 33-year-old Romanian the authorities say is the head of the gang.

According to a statement released by the United States Attorney’s Office for the Eastern District of New York on 24 October, one of the indicted men was actually arrested in 2010 but evaded authorities when he walked out of a Romanian courthouse over a bureaucratic issue.

Wired reports that the man who walked out was Popescu himself.

He had been detained under a so-called preventive arrest.

Under Romanian law, defendants can be held for up to 29 days while an investigation is underway if authorities prove that they need to hold the suspect while evidence is examined.

But while the court was busy ruling on an extended arrest for the other suspects, Popescu was allowed to simply walk out of the courthouse. The deadline for his initial arrest had passed, and the court hadn’t yet ruled on his extended detention, so he was free to go.

Besides Popescu, the authorities are also seeking fellow Romanians Daniel Alexe, Dmitru Daniel Bosogioiu, Ovidiu Cristea, and Dragomir Razvan. They’re also hunting an Albanian national named Fabjan Meme.

Also listed in the indictment is a defendant who goes by the names “George Skyper” and “Tudor Barbu Lautaru.”

The nonexistent merchandise was quite high-end, generally priced in the $10,000 to $45,000 range.

The ruses they allegedly pulled to sell the mirages were quite convincing.

The men allegedly employed helpers to correspond with targeted buyers by email, sending bogus certificates of title and other materials designed to peel money from their victims.

They also allegedly cooked up fictional auto dealerships in the US to sell their fictional cars, even creating phony websites for the purported dealerships.

The defendants also allegedly counterfeited high-quality passports that were used by co-conspirators in the US to open bank accounts in the country.

After the supposed auto sellers reached an agreement with their victims, they’d often email them invoices purporting to be from Amazon Payments, PayPal, or other online payment services, with instructions to transfer the money to the US bank accounts used by the defendants.

Authorities said that the alleged fraudsters and their accomplices also used counterfeit service marks on the invoices so that they appeared identical to those of legitimate payment services.

The funds were then withdrawn from the US bank accounts and sent to the accused men in Europe via wire transfer and other methods.

While the goods they allegedly sold were nonexistent, authorities say the gang put a chunk of the proceeds into very real, very high-end watches.

The indictment charges Popescu with directing Cristea to obtain and transfer luxury watches purchased using the illegal proceeds of the scheme, including three Audemars Piguet watches with a combined retail value of over $140,000, to his European associates.

Authorities say that the watches deal was only one of Popescu’s responsibilities in leading the syndicate.

They say that he also hired and fired passport makers based on the quality of their work, supervised those responsible for placing the bogus ads and corresponding with victims, and ensured that the ill-gotten loot transferred to the US bank accounts was quickly collected and transferred to himself and others acting on his behalf in Europe.

According to Wired, the gang operated since at least 2006.

Wired also reports that police have identified about 800 victims who handed over money for non-existent Rolex watches, cars, yachts, private airplanes and other luxury goods.

According to the BBC, eBay put out a statement warning buyers against using wire services to send payments:

We have partnered with law enforcement to alert consumers about the type of scams described in the indictment – which involve exploiting well-known, trusted brand names like eBay to attract consumers and then lure them onto fake websites and into fraudulent transactions.

Auto shoppers can be confident in their purchase by ensuring they start and complete their transactions on eBay Motors and never use money wire services to send payments.

The indictment says that in a recorded conversation from 23 October 2011, Bosogioiu asked Popescu about the difference between US federal and state law, vowing to avoid the FBI.

But for whatever reason, the alleged fraudsters thought that Romania was too far away from the US for them to get into trouble.

Popescu, in a second recorded conversation, pooh-poohed the idea of getting caught, saying that “criminals will not be extradited from Romania to U.S.A. . . . [I]t will never happen.”

Can you just imagine what the Feds thought, listening in on that? I can practically hear FBI teeth gnashing.

Image of watch courtesy of Flickr user Kitchener.Lord

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/xl67gGDhLeI/

British man charged with hacking into US army and NASA network

A British man has been charged with hacking into the computer systems of the US army, NASA and many other federal agencies.

The 28-year-old from Suffolk, named as Lauri Love, was arrested under the Computer Misuse Act by officers from the UK’s new National Crime Agency. The arrest came after an international investigation led by the US army’s criminal investigation command in conjunction with the FBI in Newark.

Officials say that Love, along with three other alleged hackers from Sweden and Australia, tried to break into networks belonging to America’s Missile Defense Agency, NASA, the US Army Corps of Engineers and the Environmental Protection Agency between October 2012 and October 2013.

US prosecutors described Love as a “sophisticated and prolific computer hacker” who allegedly stole “massive quantities of sensitive data” which, they claim, resulted in “millions of dollars in losses.”

An indictment served in a federal court in Newark, New Jersey said that:

Between October 2012 and October 2013, Love and fellow conspirators sought out and hacked into thousands of computer systems. Once inside the compromised networks, Love and his conspirators placed hidden “shells” or “back doors” within the networks, which allowed them to return to the compromised computer systems at a later date and steal confidential data. The stolen data included the personally identifying information (PII) of thousands of individuals, some of whom were military servicemen and servicewomen, as well as other nonpublic material.

Love, and his three accomplices, allegedly stole data on more than 500 individuals, as well as information about government budgets and the “demolition and disposal of military facilities.”

The 22-page indictment includes alleged extracts from conversations between Love and his co-conspirators. In one, Love, who was active in Scotland during the 2011 Occupy protests, is said to have discussed how the group “might be able to get at real confidential shit” through targeting certain systems.

According to the indictment another alleged conversation said:

This … stuff is really sensitive. … It’s basically every piece of information you’d need to do full identity theft on any employee or contractor for the [government agency].

It is also claimed that Love, who used the online pseudonyms of ‘nsh’, ‘route’, ‘peace’ and ‘love’, planned to use Twitter and other social media platforms to publicise the attacks.

The US government says that the aim of the co-conspirators was “to disrupt the operations and infrastructure” of the federal government.

US prosecutor Paul Fishman said:

According to the indictment, Lauri Love and conspirators hacked into thousands of networks, including many belonging to the United States military and other government agencies. As part of their alleged scheme, they stole military data and personal identifying information belonging to servicemen and women. Such conduct endangers the security of our country and is an affront to those who serve.

Love, who has not been charged in the UK, has been released on bail until February and could be extradited to the US where, if convicted, he could face up to ten years in prison plus a fine equal to double the financial damage caused.

Andy Archibald, Head of the National Crime Agency’s National Cyber Crime Unit, said:

This arrest is the culmination of close joint working by the NCA, Police Scotland and our international partners.

Cyber-criminals should be aware that no matter where in the world you commit cyber crime, even from remote places, you can and will be identified and held accountable for your actions. The NCA has well developed law enforcement alliances globally and we will pursue and deal robustly with cyber-criminals.

The arrest of Love comes at a time when Conservative MPs are looking to tighten up the UK-US extradition treaty. If amendments to the Anti-social Behaviour, Crime and Policing Bill are agreed then British citizens may be afforded more protection when faced with European Arrest Warrants (EAW) or extradition to the US.

Love may be hoping that such an amendment does come into force in order to allow him to avoid a similar fate to that of Gary McKinnon.

McKinnon, who has Asperger’s Syndrome, fought a 10-year legal battle to avoid being extradited to the US to answer similar charges of hacking into computer systems run by NASA and the United States military.

Image of US Army badge courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/5KCKa16KK2U/

New Oz government keeps Huawei ban after spook briefing


The brief thawing of Australian government attitudes to Huawei has turned out to be a false springtime, with the nation’s new Attorney-General George Brandis deciding that the decision to keep the Chinese giant out of the National Broadband Network (NBN) will remain.

According to the Australian Financial Review, the decision comes after briefings from unnamed intelligence services.


Huawei had been excluded from providing kit to the NBN under the previous government, shortly after US President Barack Obama’s visit to the country in November 2011. It’s often been assumed Obama, or one of those who made the visit with him, whispered something scary into Australia’s ear about the Chinese company during that visit.

Before Australia’s election, which saw the Liberal/National coalition replace the Labor government, various senior Liberal Party figures floated a review of Huawei’s pariah status. That Huawei had appointed former Liberal Party ministers to its board was seen as a sign the company would receive a favorable hearing from the new government.

As Vulture South previously reported, this appeared to suggest the vendor’s long work to get on the right side of the government was starting to pay off, something now scuppered by Brandis.

The attorney-general hasn’t detailed the reasons for his decision, merely telling the AFR that “Since the election the new government has had further briefings from the national security agencies. No decision has been made by the new government to change the existing policy.”

Which leaves open an important question: if the USA thinks Huawei is dangerous and Australia thinks Huawei is dangerous and the two share intelligence, as we know they do, why doesn’t the UK think Huawei is dangerous? ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/29/huawei_still_scary_say_spooks_to_new_oz_government/

DON’T BREW THAT CUPPA! Your kettle could be a SPAMBOT


Russian authorities have claimed that household appliances imported from China contain tiny computers that seek out open WiFi networks and then get to work sending spam and distributing malware.

St Petersburg news outlet Rosbalt reported last week that local authorities had examined kettles and irons and found “20 to 30 pieces of Chinese home appliance ‘spy’ microchips” that “sends some data to the foreign server”.


Just what data is being sent and to where is not discussed, which had Vulture South thinking the report might be spurious.

A bit of digging suggests it is legitimate. One source the story mentions, Gleb Pavlov of customs broker Panimport, can be found at the link we’ve popped in on the company’s name. We’ve also been able to find this link to an appliances company called “Sable Ltd”, the very name translation engines say is the employer of one Innokenty Fedorov, whose company found the bugged appliances.

Next question: could someone build a spambot small enough to hide in a kettle or iron? We see no reason why not: the components are small and cheap enough. One last wrinkle: could one convert Russia’s 220V electricity supply to power a small electronic device without frying it, and without making an iron or kettle look rather odd? The answer is yes: all manner of tiny PCB transformers can be had to do the job.

Which leaves just one problem in the story: the fact that the report says the WiFi slurper-equipped kit was detected because the appliances were overweight. Unless the appliances were being air-freighted a handful of grams either way would not raise eyebrows, and it is hard to imagine low-cost items like irons were considered worthy of a plane trip. We surmise that whoever made the killer kettles and infiltrated irons cobbled them together with unlovely components that made their presence obvious. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/29/dont_brew_that_cuppa_your_kettle_could_be_a_spambot/

Email-sniffing Linkedin Intro NOT security threat, insists biz network


LinkedIn, the social network for suits, has come out in defence of its LinkedIn Intro app after security researchers panned it for making users’ emails vulnerable to hackers.

LinkedIn Intro is an iOS application that lets iPhone or fondleslab users route their email through LinkedIn’s servers so that they receive background information on an email sender or receiver.


However, security critics have described the product – a proxy service that processes emails sent through iPhones in order to inject LinkedIn information into your communiqués – as a security risk of dubious utility. Several described it as a man in the middle attack.

LinkedIn described these and other criticisms as based on a flawed perception of its latest offering. The product went through both internal and external reviews to verify its benign nature prior to its launch last week, Cory Scott, a senior manager for information security at LinkedIn, argues in a blog post.

When the LinkedIn Security team was presented with the core design of Intro, we made sure we built the most secure implementation we believed possible. We explored numerous threat models and constantly challenged each other to consider possible threat scenarios.

As well as a third-party code review of the credential handling and mail parsing/insertion code by security consultancy iSEC Partners, LinkedIn also hardened external and internal-facing services as well as taking steps to reduce “exposure to third-party monitoring services and tracking”. A “Tiger Team” of experienced internal testers “worked closely with the Intro team to make sure identified vulnerabilities were addressed,” LinkedIn adds.

LinkedIn also says that it has put monitoring in place to “detect any potential attacks, react quickly, and immediately minimize exposure”. The social network is also trying to assuage privacy and eavesdropping concerns.

All communications use SSL/TLS at each point of the email flow between the device, LinkedIn Intro, and the third-party mail system. When mail flows through the LinkedIn Intro service, we make sure we never persist the mail contents to our systems in an unencrypted form. And once the user has retrieved the mail, the encrypted content is deleted from our systems.

LinkedIn adds that security firm Bishop Fox was all wrong in suggesting that its service changes an iPhone’s security profile.

“Intro works by pushing a security profile to your device,” said the firm’s blog. “But, these security profiles can do much, much more than just redirect your emails to different servers. A profile can be used to wipe your phone, install applications, delete applications, restrict functionality, and a whole heap of other things.”
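The Bishop Fox point is worth checking for yourself: a .mobileconfig is an XML property list, and the PayloadType of each entry in its PayloadContent array says what the profile can do. The following is an added example, not LinkedIn’s or Bishop Fox’s code, that parses a profile and reports which payload types it carries, flagging the ones that reach well beyond mail routing. The sample profile, its hostnames and the “high impact” grouping are constructed for the demo; the PayloadType identifiers are Apple’s.

```python
"""Added example: audit an iOS configuration profile (.mobileconfig) for
payload types that grant far more than mail redirection. Not LinkedIn's or
Bishop Fox's code; the sample profile and hostnames are constructed."""
import plistlib
from typing import Dict, List

# Apple PayloadType identifiers; the grouping as "high impact" is this
# example's own judgement, not an Apple classification.
HIGH_IMPACT = {
    "com.apple.mdm": "device management (remote wipe, app install/removal)",
    "com.apple.applicationaccess": "restrictions on device functionality",
    "com.apple.security.root": "trusted root certificate (enables TLS interception)",
}

# Constructed profile: a managed mail account plus an MDM enrolment payload.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>test.example.profile</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mail.managed</string>
      <key>IncomingMailServerHostName</key><string>imap-proxy.example.test</string>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>ServerURL</key><string>https://mdm.example.test/</string>
    </dict>
  </array>
</dict></plist>
"""


def audit_profile(data: bytes) -> Dict[str, List[str]]:
    """Return the payload types in the profile and a list of human-readable
    flags: one for every high-impact payload, and one for a managed mail
    payload naming the server the device's mail will be routed through."""
    profile = plistlib.loads(data)
    types: List[str] = []
    flags: List[str] = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "?")
        types.append(ptype)
        if ptype in HIGH_IMPACT:
            flags.append(f"{ptype}: {HIGH_IMPACT[ptype]}")
        elif ptype == "com.apple.mail.managed":
            host = payload.get("IncomingMailServerHostName", "?")
            flags.append(f"{ptype}: mail routed through {host}")
    return {"payloads": types, "flags": flags}


if __name__ == "__main__":
    for line in audit_profile(SAMPLE_PROFILE)["flags"]:
        print(line)
```

Run it against a profile pulled from a device or a download and read the flags before accepting the install prompt: a mail-only profile should list nothing but a mail payload, and the server it names is the box every message will transit.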

Taken in isolation, you’d assume that LinkedIn was responding to a small group of naysayers but the criticism is far more widespread than that. The company’s response, though indubitably sincere, ignores the central critique that LinkedIn Intro is essentially a bit useless as well as featuring a “man in the middle” architecture that turns the stomach of security pros.

“Having all your email scanned by LinkedIn automation to inject the contact profile banners is a marginal convenience feature at best,” said Gene Meltser, technical director at Neohapsis Labs.

“I can’t think of a situation where a user would agree to a reduced level of transport security of their emails in exchange of the novelty of being able to instantly view their LinkedIn contact’s details in the iPhone email client.”

LinkedIn is in the process of defending itself against a lawsuit alleging it hacks into members’ email accounts before uploading their address books and spamming their contacts. The social business network is contesting this class-action lawsuit, which it argues is without merit. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/29/linkedin_defends_intro/

SSCC 121 – WordPress, OS X, iCloud, smartphone tracking and medical devices [PODCAST]

News, opinion, advice and research: here’s our latest quarter-hour security podcast, featuring Chet and Duck (Chester Wisniewski and Paul Ducklin) with their informative and entertaining take on the latest security news.

You may have noticed that it’s only a week since the latest full Chet Chat.

That’s not a mistake – by popular request, we’re going back to a weekly format, so your favourite security podcast will now come out twice as often as before!

By the way, you can keep up with all our podcasts via RSS or iTunes, and catch up on previous Chet Chats by browsing our podcast archive.

Listen to this episode

(28 October 2013, duration 13’27”, size 8.1MB)

Sophos Security Chet Chat #121 (MP3)

Stories covered in Chet Chat #121

Previous episodes

Don’t forget: for a regular Chet Chat fix, follow us via RSS or on iTunes.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/N2WpwTBWs8Y/

Mozilla goes where Google fears to tread with geolocation service


A few years back Google got into fearful trouble by recording the location of WiFi transceivers without asking for their owners’ permission. Lots of public outrage later, regulators pulled out their biggest and pointiest sticks and the Chocolate Factory destroyed the data.

What then to make of the newly-revealed Mozilla Location Service, “an experimental pilot project to provide geolocation lookups based on publicly observable cell tower and WiFi access point information”, that does more or less the same thing?


Mozilla says the service is an experiment “… to assess the impact Mozilla can have on the geolocation landscape, specifically to improve user privacy and enable innovation by creating public data sets”. The organisation is trying to position itself as an honest broker, with the following explanation of its intentions:

“Geolocation lookup is a very useful service to provide to users. There’s no public data set to provide this service. None of the current companies offering this type of service have any incentive to improve on privacy. Geolocation lookup and the potential for tracking the physical movement of individuals is a serious privacy issue.

Why Mozilla? The web platform needs the capability, and currently we have to provide it in our offerings through business deals without much impact on the privacy aspects of the service. We have a unique access to Firefox on lots of devices for gathering and reporting back data. We don’t have to monetize the gathered data and can make it available to the public. If we can run a successful service, we get leverage to improve the privacy aspects in the landscape.”

The foundation intends to crowdsource location data through tools like this “MozStumbler” app on GitHub. The app records SSIDs and tags them with GPS co-ordinates, uploads them to Mozilla and can also allow users to see their progress on leaderboards that turn collecting data into a fun competition.

Google got into trouble with its geolocation service because it collected data that may have made it possible to identify individuals. Mozilla’s privacy parameters suggest it knows of that strife and plans to avoid it, with the following regime:

“For the purposes of the geo-location service we are only interested in the public metadata about wifi networks, specifically the technology standard in-use, the frequency it’s operated on, the signal strength and the technical network name (bssid). We’ll never listen in or record actual network traffic.

For the wifi operator to opt-out, we follow the industry standard of filtering out any wifi networks with a clear text name (ssid) ending in ‘_nomap’ and ignore any ad-hoc wifi networks. Both of these filter actions happen on the client side, so our service never sees them.”
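The stated rules amount to a small client-side filter, and the privacy-relevant detail is that the SSID is consulted for the opt-out decision and then left out of what is reported. Here is an added example of such a filter, not Mozilla’s or MozStumbler’s code; the observation record layout and field names are assumptions for the demo, and the scan data is constructed.

```python
"""Added example, not Mozilla's code: a client-side filter for Wi-Fi scan
results that honours the '_nomap' opt-out, skips ad-hoc networks, and
reports only the public radio metadata (no SSID, no traffic)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class WifiObservation:
    # Assumed record layout for one scanned network (not MozStumbler's format).
    ssid: str
    bssid: str
    frequency_mhz: int
    signal_dbm: int
    standard: str       # e.g. "802.11n"
    ad_hoc: bool


def opted_out(obs: WifiObservation) -> bool:
    """The opt-out convention: SSID ending in '_nomap', or an ad-hoc network.
    This is the only place the SSID is looked at."""
    return obs.ad_hoc or obs.ssid.endswith("_nomap")


def to_report(obs: WifiObservation) -> Dict[str, object]:
    """Only the fields the service says it wants. The SSID is deliberately
    absent; the BSSID is normalised so duplicates collapse server-side."""
    return {
        "bssid": obs.bssid.lower(),
        "frequency": obs.frequency_mhz,
        "signal": obs.signal_dbm,
        "standard": obs.standard,
    }


def filter_observations(scan: List[WifiObservation]) -> List[Dict[str, object]]:
    """Apply the opt-out filter, then strip each survivor to public metadata."""
    return [to_report(o) for o in scan if not opted_out(o)]


# Constructed scan: one ordinary network, one opted-out, one ad-hoc.
SAMPLE_SCAN = [
    WifiObservation("CoffeeShop", "AA:BB:CC:00:11:22", 2437, -61, "802.11n", False),
    WifiObservation("HomeNet_nomap", "AA:BB:CC:00:11:23", 5180, -70, "802.11ac", False),
    WifiObservation("direct-share", "AA:BB:CC:00:11:24", 2412, -55, "802.11g", True),
]

if __name__ == "__main__":
    for entry in filter_observations(SAMPLE_SCAN):
        print(entry)
```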

The organisation has, however, left the door open to future services based on IP addresses, saying that “In the future we might want to use Geo-IP based lookups to enhance or provide coarse-grained fallback for the service. Before we do this, we’ll do a thorough analysis of the involved risk, as the combination of IP address and time of service usage can uniquely identify users.” ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/29/mozilla_goes_where_google_fears_to_tread_with_geolocation_service/

‘Thousands of iPhone, iPad apps’ vulnerable to simple redirect joyriders


An Israeli security firm will expose a flaw common to thousands of iPhone and iPad applications, which allows miscreants to hijack software using man-in-the-middle attacks.

“We identified a very large number of applications that are vulnerable to this problem,” Skycure’s CTO Yair Amit told The Register. The programming error will be revealed at the RSA Europe conference in Amsterdam on Tuesday.


“Usually we go through responsible disclosure and contact specific vendors of programs, solve it, then talk about it. In this case it’s an interesting challenge in that there’s a huge amount of applications, too many to have an organized disclosure route, so we give developers the information they need to fix the applications.”

The researchers at Skycure have dubbed the attack HTTP Request Hijacking [PDF]. It works by exploiting weaknesses in the way the apps communicate with backend servers provided by their developers or any other websites.

An attacker needs to intercept an app’s attempt to fetch data via plain HTTP and reply with an HTTP 301 code that tells the program the requested resource has moved permanently to another address, ie: one controlled by the hijacker.

The attack effectively shifts the URL consulted by an application from that used by the developer to whatever the attacker fancies without needing to alert the user. Because a 301 is by definition permanent, a client that remembers it keeps talking to the attacker’s server on later launches, long after the attacker has left the network.

There’s no outward sign that the application has been subverted, Amit said, and once the application is breached it can be manipulated into providing any information sent down the line. He cited the hacked AP Twitter feed that briefly wiped billions off the Dow Jones Industrial Average in April as one possible use for the attack.

The 301 problem has been highlighted as a possible hacking vector before, and the defences are well known: talk to the backend over HTTPS, so that an attacker on the network cannot inject the redirect in the first place, and treat any permanent redirect as untrusted input rather than letting it silently replace the app’s hard-coded endpoint. But it seems few coders got the message on this, based on Skycure’s research.

Fixing the issue is relatively simple. The company will post a source code fix that can be dropped into applications quickly by developers, and open up a repository of reference material that can be consulted to avoid the problem in the future. Amit said Apple was warned about the issue, but he added that the flaw was in application coding, rather than subverting iOS itself. ®
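To make the mechanism concrete, here is an added example, not Skycure’s fix and not taken from any affected app, that models an app’s HTTP layer twice: once as a client that trusts and remembers every 301 (the pattern described above), and once hardened so that a permanent redirect is followed only when it stays on HTTPS and on a host the app already trusts, and is never persisted. The responses are constructed, and the hostnames are invented for the demo.

```python
"""Added example (not Skycure's code): why a single injected 301 sticks in a
client that caches permanent redirects, and what a hardened client does
instead. Hostnames and responses are constructed for the demo."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List
from urllib.parse import urlparse

APP_API = "http://api.example-app.test/feed"              # constructed: the app's hard-coded endpoint
ATTACKER = "http://api.example-app.test.evil.test/feed"   # constructed: attacker-controlled host


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: bytes = b""


@dataclass
class Client:
    """Minimal stand-in for an app's HTTP layer. `moved` stands for a URL
    cache that survives restarts, the kind that honours 301s permanently."""
    moved: Dict[str, str] = field(default_factory=dict)

    def resolve_naive(self, url: str, resp: Response) -> str:
        # Vulnerable pattern: any 301 rewrites the endpoint, and the rewrite is kept.
        if resp.status == 301 and "Location" in resp.headers:
            self.moved[url] = resp.headers["Location"]
        return self.moved.get(url, url)

    def resolve_hardened(self, url: str, resp: Response,
                         allowed_hosts: FrozenSet[str]) -> str:
        # Hardened: a redirect is followed only if it stays on HTTPS and on a
        # host the app already trusts, and it is never written to the cache.
        if resp.status != 301 or "Location" not in resp.headers:
            return url
        target = urlparse(resp.headers["Location"])
        if target.scheme != "https" or target.hostname not in allowed_hosts:
            return url  # refuse; a real app would log this and keep the pinned URL
        return resp.headers["Location"]


def simulate(mode: str) -> List[str]:
    """Replay two requests: the first meets the attacker on hostile Wi-Fi, the
    second happens later on a clean network. Returns the URL the app actually
    talks to each time."""
    client = Client()
    allowed = frozenset({"api.example-app.test"})
    hijack = Response(301, {"Location": ATTACKER})   # constructed MITM reply
    clean = Response(200, {}, b"{}")                 # constructed normal reply
    urls = []
    for resp in (hijack, clean):
        if mode == "naive":
            urls.append(client.resolve_naive(APP_API, resp))
        else:
            urls.append(client.resolve_hardened(APP_API, resp, allowed))
    return urls


if __name__ == "__main__":
    print("naive   :", simulate("naive"))
    print("hardened:", simulate("hardened"))
```

The second request is the one that matters: the naive client is still sending its traffic to the attacker’s host although no attacker is present any more, which is exactly why a one-off coffee-shop interception turns into a persistent compromise.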


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/29/thousands_of_ios_apps_left_wide_open_to_redirection/

Syrian Electronic Army claims Obama social media hijacking


The Syrian Electronic Army has been up to its old tricks again, this time claiming to have infiltrated president Barack Obama’s official Twitter and Facebook accounts, and re-election web site.

A series of tweets were sent from the @BarackObama account and updates were made to the president’s Facebook account on Monday linking to a YouTube video from the pro-Assad hacktivist collective.


Rather than hack the accounts themselves, those responsible appear to have achieved their aims by compromising URL shortening service ShortSwitch, researchers at Symantec said.

The website donate.barackobama.com was temporarily redirected to the Syrian Electronic Army site, according to The Hacker News.

Some tweets from the SEA’s official account seemed to confirm the reports.

It appears the SEA got the info it needed to launch its attack by hacking staff emails from the non-profit which runs Obama’s website, Twitter account and Facebook account – Organizing For Action (OFA).

The SEA told Mashable that OFA staff “didn’t even enabled (sic) two-step verification” on their Gmail accounts.

As pointed out by Symantec, the OFA emails could have been targeted in the same way as those at The Onion earlier this year, with staff sent phishing emails linking to spoofed Google Apps login pages.

The security firm had the following advice for Google Apps users and admins:

Two-factor authentication for email is an important security feature that should be enabled. In the scenarios such as the one above, two-factor authentication would have helped the staff members of OFA mitigate an attempt by hackers to obtain access to the Obama campaign’s Google Apps email account.

If you are a Google Apps administrator, Symantec Security Response recommends turning on the two-factor authentication feature. Follow these instructions to allow two-factor authentication (2-step verification).

Google Apps administrators also have the option to “enforce” two-factor authentication, making it mandatory for all users of that domain. Please refer to Google’s help page for how to enable this feature.

The Syrian Electronic Army has claimed several high profile successes in the past few months, including web site defacements of CNN, Time and other media companies, and a data slurp of chat app Tango.

Obama’s social media accounts and web site now appear to be back to normal. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/29/sea_hijack_obama_twitter_facebook_hack/

Alleged Hacker Indicted In New Jersey For Data Breach

NEWARK, N.J. – The New Jersey U.S. Attorney’s Office has charged an alleged hacker in the United Kingdom with breaching thousands of computer systems in the United States and elsewhere – including the computer networks of federal agencies – to steal massive quantities of confidential data, U.S. Attorney Paul J. Fishman announced.

The federal indictment, filed in Newark federal court, charges Lauri Love, 28, of Stradishall, England, with one count of accessing a U.S. department or agency computer without authorization and one count of conspiring to do the same. An investigation led by the U.S. Army Criminal Investigation Command-Computer Crime Investigative Unit and the FBI in Newark revealed that Love allegedly illegally infiltrated U.S. government computer systems – including those of the U.S. Army, U.S. Missile Defense Agency, Environmental Protection Agency and National Aeronautics and Space Administration – resulting in millions of dollars in losses.

Law enforcement authorities in the United Kingdom, including investigators with the Cyber Crime Unit of the National Crime Agency (NCA), announced today that they arrested Love at his residence Friday, Oct. 25, 2013, in connection with an ongoing investigation by the NCA. Love was previously charged in New Jersey by federal complaint, also unsealed in connection with his arrest. He also is charged in a criminal complaint in the Eastern District of Virginia with alleged conduct related to other intrusions.

“According to the indictment, Lauri Love and conspirators hacked into thousands of networks, including many belonging to the United States military and other government agencies,” said U.S. Attorney Fishman. “As part of their alleged scheme, they stole military data and personal identifying information belonging to servicemen and women. Such conduct endangers the security of our country and is an affront to those who serve.”

According to the indictment unsealed in Newark federal court:

Between October 2012 and October 2013, Love and fellow conspirators sought out and hacked into thousands of computer systems. Once inside the compromised networks, Love and his conspirators placed hidden “shells” or “back doors” within the networks, which allowed them to return to the compromised computer systems at a later date and steal confidential data. The stolen data included the personally identifying information (PII) of thousands of individuals, some of whom were military servicemen and servicewomen, as well as other nonpublic material.

“Computer intrusions present significant risks to national security and our military operations,” said Daniel Andrews, director of the U.S. Army Criminal Investigation Command’s Computer Crime Investigative Unit. “The borderless nature of Internet-based crime underscores the need for robust law enforcement alliances across the globe. We appreciate the bilateral support of the National Crime Agency in bringing cyber criminals to justice.”

“This investigation shows the necessity and value of strong partnerships among law enforcement agencies worldwide in the fight against cyber criminals,” said FBI Special Agent in Charge Aaron T. Ford. “Cybercrime knows no boundaries, and without international collaboration, our efforts to dismantle these operations would be impossible.”

Love and his conspirators planned and executed the attacks in secure online chat forums known as internet relay chats, or “IRC.” They communicated in these chats about identifying and locating computer networks vulnerable to cyber attacks and gaining access to and stealing massive amounts of data from those networks. They also discussed the object of the conspiracy, which was to hack into the computer networks of the government victims and steal large quantities of non-public data, including PII, to disrupt the operations and infrastructure of the United States government.

To gain entry to the government victims’ computer servers, Love and conspirators often deployed what is known as a “SQL injection attack.” Structured Query Language is a type of programming language designed to manage data held in particular types of databases; the hackers identified vulnerabilities in SQL databases and used those vulnerabilities to infiltrate a computer network. They also exploited vulnerabilities in a web application platform that some of the targeted agencies used known as “Coldfusion.” Like SQL Injection attacks, this method of hacking allowed the conspirators to gain unauthorized access to secure databases of the victims. Once the network was infiltrated, Love and his conspirators placed malicious code, or malware, on the system. This malware created a “back door” or “shell,” leaving the system vulnerable and helping Love and the conspirators maintain access to the network.
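The press release describes SQL injection only in outline. As an added example (not from the indictment and not code from any affected agency), the following shows the defect in its simplest form, a login check built by string concatenation, beside the parameterised query that closes it, against an in-memory SQLite database with constructed data.

```python
"""Added example, not from the indictment: the classic SQL injection the
press release describes, beside the parameterised query that defeats it.
Uses an in-memory SQLite database populated with constructed data."""
import sqlite3
from typing import Dict


def setup_db() -> sqlite3.Connection:
    """Constructed users table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse', 'admin')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String concatenation: attacker-controlled text becomes SQL syntax, so a
    username of  admin' --  turns the rest of the WHERE clause into a comment."""
    sql = ("SELECT role FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameter binding: values travel separately from the statement text, so
    quotes and comment markers in the input are just data to compare against."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo() -> Dict[str, bool]:
    """Run the same injection payload through both implementations."""
    conn = setup_db()
    payload = "admin' --"   # closes the string literal, comments out the password check
    return {
        "vulnerable_bypassed": login_vulnerable(conn, payload, "wrong"),
        "safe_bypassed": login_safe(conn, payload, "wrong"),
        "safe_valid": login_safe(conn, "admin", "correct horse"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The same concatenation mistake in a search or report endpoint lets a UNION-style payload read arbitrary tables, which is how a login-page bug becomes the kind of bulk PII theft the indictment alleges; the fix is the same in every case, bind parameters and never build SQL from request data.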

Love and his conspirators took steps to conceal their identities and illegal hacking activities. To mask their IP addresses, the conspirators used “proxy” and “tor” servers to launch the attacks. They also frequently changed their nicknames in online chat rooms, using multiple identities to communicate with each other.

If convicted, the defendant faces a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gross gain or loss from the offense, on each of the two counts with which he is charged.

U.S. Attorney Fishman credited special agents of the U.S. Army Criminal Investigation Command – Computer Crime Investigative Unit, under the direction of Director Andrews, and the FBI in Newark, under the direction of Special Agent in Charge Ford, with the investigation leading to the indictment. Fishman also recognized the important work of the U.S. Department of Defense, Office of Inspector General Defense Criminal Investigative Service, under the direction of Special Agent in Charge Jeffrey Thorpe, Cyber Field Office; EPA Office of Inspector General, under the direction of Michael Daggett, Deputy Assistant Inspector General for Investigations; the NASA Office of Inspector General, Computer Crimes Division; and U.S. Department of Energy, Office of Inspector General, Deputy Inspector General for Investigations under the direction of John Hartman, in this case.

The government is represented by Assistant U.S. Attorney Nicholas P. Grippo of the U.S. Attorney’s Office Criminal Division in Trenton.

The charges and allegations contained in the indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

Information on the charges in the Eastern District of Virginia can be obtained from the U.S. Attorney’s Office for that district at 703-842-4050 or by email at [email protected].

Article source: http://www.darkreading.com/attacks-breaches/alleged-hacker-indicted-in-new-jersey-fo/240163199