Anonymous hackers have used a well-known software exploit to breach the systems of multiple government agencies, according to an FBI memo acquired by Reuters.
The attacks began in December, when individuals that Reuters describes as “linked to the collective known as Anonymous” used a flaw in Adobe’s ColdFusion software to sneak into the servers of agencies including the U.S. Army, Department of Energy, and the Department of Health and Human Services, among others. Once inside, the hackers allegedly installed “back doors,” giving them access to the computers at a later date, an exploit that they used for months: Many of the computers were being accessed as recently as October, the memo claims.
The full extent of the attacks are unclear. But according to another internal document obtained by Reuters, the hackers allegedly stole personal data of 104,000 people and information on about 2,000 bank accounts from the Department of Energy alone. Some of this stolen data has already been leaked online, however, as part of a hacking operation known as “Operation Last Resort,” an almost-year-old campaign against perceived federal overreach in hacking cases.
That campaign launched in January following the death of Aaron Swartz, the Internet activist and Reddit cofounder. Swartz committed suicide days before he was set to face multiple felony charges for what was essentially a victimless hacking crime: Downloading academic journals en-masse. According to Reuters, the attacks are also in retaliation for the indictment on Oct. 28 of Lauri Love, a British resident accused of breaching multiple government agencies, including NASA, the State Department, and the Missile Defense Agency, among others.
The Adobe ColdFusion exploit has recently become a favorite among hackers, who’ve used it to break into everything from Lexis/Nexis to limo companies favored by Fortune 500 CEOs.
H/T The Verge | Photo by Anonymous9000/Flickr