The US has accused 28-year-old Lauri Love of being a "sophisticated and prolific computer hacker” after he used a variety of attack methods to infiltrate and steal data from numerous US agencies.
An indictment for Love’s arrests was published on Monday at the same time that the National Crime Agency announced they had arrested a 28-year-old man under the UK Computer Misuse Act.
The indictment provide a detailed breakdown of the accusations levelled against Love, claiming he and co-conspirators, not named in the document, used a variety of attacks including SQL injections and bespoke malwares to break into systems.
They list numerous agencies as being attacked, including Nasa, the US Missile Defence Agency and the Environmental Protection Agency. Love, who used the alias ‘route’ online, was said to have boasted of these hacks to the co-conspirators.
“This ... stuff is really sensitive. ... It's basically every piece of information you'd need to do full identity theft on any employee or contractor for the [agency]," the indictment read.
It was also revealed that vulnerabilities in Adobe’s ColdFusion web development platform were exploited by Love to access US Army databases. Adobe has moved to patch many vulnerabilities in the product over the year but was too late to stop Love who was alleged to have carried out the hack on 6 October 2012.
The Independent reported that Love spoke briefly outside his home on Monday night, confirming he had been picked up by UK authorities: "I only just got home after being at government headquarters today,” he said. "I don't even know what's happening myself to be honest, I need to call my lawyers."
The case already has echoes of that of Gary McKinnon who infiltrated US computers over a decade ago. He became a cause célèbre due to the length of time it took the UK government to arrive at a decision on his fate. Home secretary Theresa May eventually blocked his extradition.
Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal.