Faces up to ten years on charges in Virginia, has indictments in New York and New Jersey

Jul 27, 2014 20:07 GMT

A man from Stradishall, England, has been indicted for offenses that allowed him access to sensitive information of more than 100,000 federal government employees.

The indictment was returned on Thursday against 29-year-old Lauri Love by a federal grand jury in the Eastern District of Virginia.

He breached the security of the systems that belonged to the US Department of Energy, Health and Human Services, US Sentencing Commission, FBI’s Regional Computer Forensics Laboratory, Deltek, Inc. and Forte Interactive, Inc.

In 2012, aided by accomplices, Love exploited a security vulnerability in Adobe ColdFusion that was already known at the time, and managed to exfiltrate employee records containing full names, Social Security numbers, addresses, phone numbers, and wage information.

According to a statement from the FBI, the hacker also stole more than 100,000 financial records that included credit card numbers and names.

It appears that the financial damage resulting from Love’s actions amounted to over $5 million (€3.72 million).

After exploiting the ColdFusion flaw, Love and his associates used specially crafted file managers, which allowed them to achieve elevated privileges on the affected systems.

“After gaining unauthorized access to the protected servers, Love and his conspirators obtained administrator-level access to the networks using custom file managers, which allowed the conspirators to upload and download files, as well as create, edit, remove and search for data,” reads the statement.

If found guilty of the charges brought against him, the English hacker faces up to ten years in jail. It also appears that Love has separate indictments on related charges in the District of New Jersey and the Southern District of New York.