An FBI memo seen by Reuters makes reference to Anonymous attacks and compromised data from multiple government agencies including the Department of Energy, Department of Health and Human Services and the U.S. Sentencing Commission whose systems were accessed as recently as October.
The attacks are related to the Anonymous hacktivist group and their campaign known as “Operation Last Resort.” The effort is said to be in retaliation for what the hacktivist group considers overzealous prosecution of hackers, most notably the case involving Aaron Swartz who committed suicide soon before trial. Data compromised by Anonymous hackers include personally identifiable information of at least 104,000 employees, family members, contractors and others associated with the Department of Energy as well as information on 2,000 bank accounts.
The FBI memo obtained by Reuters went to system administrators detailing what to look for to determine if their systems were breached. It is believed that the attacks began with the British Anonymous member Lauri Love, who was charged with hacking into the Department of Energy and others in late October. These attacks took advantage of security vulnerabilities in the Adobe ColdFusion software used for building websites. Hackers then left backdoors for re-accessing the government agency systems and it is believed the systems were accessed as recently as last month.
The FBI memo mentioned that the exact number of systems compromised was still unknown but the issue “is a widespread problem that should be addressed.”
For more information: