UK hacker arrested over attacks on US Army, Federal Reserve and NASA

18 Jul 2015

UK hacker Lauri Love was arrested by the Met over attacks on US govt sites including the US Army. He now faces an extradition battle.

A British man has been rearrested and charged with hacking into US government agencies, including the US Army, NASA and the Federal Reserve. Lauri Love, who was arrested yesterday in Suffolk could face extradition to the US.

UK hacker Lauri Love, a 30-year-old from Suffolk, was arrested by the Metropolitan Police, who were executing an extradition warrant on behalf of the US government.

After appearing at Westminster Magistrates’ Court, Love was bailed out and awaits his next hearing on 1 September.

Love was first arrested in October 2013 on charges that he and others hacked into the networks operated by the US Army, the US Missile Defence Agency, NASA, the Environmental Protection Agency and other US government agencies.

The group behind the attacks were allegedly intent on stealing large amounts of military data and personally identifying information of government employees and military personnel.

The warrant executed by the Met alleges offences under the Computer Misuse Act for which he has been indicted in the districts of Virginia, New Jersey and New York between 2012 and 2013.

According to The Guardian, the law permits the arrest of anyone who starts attacks from the UK on computers from anywhere in the world.

Arrest came out of the blue

Love’s solicitor described the latest arrest as “out of the blue” and said that he intends to fight extradition.

His original arrest stemmed from claims he made in a chatroom that he had infiltrated the Federal Research computer system, defaced its website and sent fake emails to users. He also announced that he planned to disseminate Federal Reserve computer passwords and users’ phone numbers.

In one boast he said: “You have no idea how much we can f*** with the US government if we wanted to.”

Love is understood to have scanned large ranges of IP addresses to identify vulnerable servers and then used SQL commands to infiltrate a site’s backend.

He also exploited vulnerabilities in sites that used the web app software ColdFusion, whose entire source code was discovered on a server operated by hackers.

These efforts gave him administrator-level access to computer servers without proper login credentials.

Handcuffs image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com