Alleged UK Hacker Charged a 3rd Time

Indictment Focuses on Attacks on Several More U.S. Agencies
Alleged UK Hacker Charged a 3rd Time

An alleged hacker based in the United Kingdom has been indicted for a third time. The latest charges allege he infiltrated computers at several U.S. government agencies and contractors.

See Also: OnDemand | Zero Tolerance: Controlling The Landscape Where You'll Meet Your Adversaries

The new indictment, unsealed by the U.S. Attorney's Office for the Eastern District of Virginia on July 24, charges Lauri Love with conspiracy, causing damage to a protected computer, access device fraud and aggravated identity theft.

Love was indicted in connection with other U.S. hacking incidents by authorities in New York in February and New Jersey in October 2013. He was arrested by British authorities last year.

Latest Indictment

The latest indictment accuses Love of accessing protected computers at the Department of Energy, Health and Human Services, the U.S. Sentencing Commission and the FBI's Regional Computer Forensics Laboratory, plus government contractors Deltek Inc. and Forte Interactive.

The alleged U.K. hacker, along with several conspirators, gained access to the computers by exploiting a vulnerability in Adobe ColdFusion, a software program designed to build and administer websites and databases, authorities say. The vulnerability allowed Love and his conspirators to allegedly access protected areas of the victims' computer servers without proper login credentials, according to prosecutors.

Once the alleged hackers had access to the servers, they obtained administrator-level access to the networks, which allowed them to upload and download files, as well as create, edit, remove and search for data, authorities say.

Love allegedly obtained massive amounts of sensitive and confidential information stored on those computers, including more than 100,000 employee records with names, Social Security numbers, addresses, phone numbers and salary information, along with more than 100,000 financial records, including credit card numbers and names. Love's alleged actions caused total losses in excess of $5 million, authorities say.

If convicted on the latest charges, Love faces a maximum penalty of 10 years in prison. He also faces a mandatory additional two years in prison if convicted of aggravated identity theft.

Other Charges

The earlier New York indictment alleges that between October 2012 through February 2013, Love worked with other computer hackers around the world to secretly gain access to Federal Reserve's servers to steal and then publicly disseminate confidential information found on those servers.

In that indictment, Love was charged with one count of computer hacking, which carries a maximum term of 10 years in prison, and one count of aggravated identity theft, which carries an additional sentence of two years in prison.

Earlier, Love was also charged in New Jersey with hacking into thousands of U.S. government computers to steal massive amounts of confidential information. U.S. government computers he allegedly accessed, according to that indictment, were at the Army, Missile Defense Agency, Environmental Protection Agency and NASA. He faces a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gross gain or loss from the offense, on each of the two counts.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.