Lauri Love and three co-conspirators allegedly infiltrated thousands of systems including those of the Pentagon's Missile Defense Agency, the U.S. Army Corps of Engineers, the U.S. space agency NASA and the U.S. Environmental Protection Agency, according to a U.S. grand jury indictment made public on Monday.
Love, 28, and the unnamed co-conspirators, including two in Australia and one in Sweden, then left "back doors" in the networks to later retrieve data, and intended that their activity "disrupt the operations and infrastructure of the United States government," according to the indictment.
"Such conduct endangers the security of our country and is an affront to those who serve," U.S. Attorney Paul Fishman in New Jersey, who announced the charges, said in a statement.
Love was charged in Britain with violating the Computer Misuse Act, and charged in the United States with accessing a U.S. government computer without permission and conspiracy, authorities said.
Fishman said the hacking took place from October 2012 until this month. He said it compromised personal data of U.S. military personnel, and information on defense budgets, contract bidding, and the demolition and disposal of military facilities, and caused millions of dollars of losses.
The arrest comes as authorities worldwide coordinate efforts to combat cybercrime. On October 10, U.S. Defense Secretary Chuck Hagel issued a memorandum emphasizing a need to safeguard even unclassified technical data against cyber intrusions to help protect U.S. military superiority.
"The cyber threat presents a significant risk to national security and military operations," Pentagon spokesman Lieutenant Colonel Damien Pickart said. "We take this threat seriously and work diligently to prevent future intrusions."
Love lives in the Suffolk village of Stradishall, about 70 miles (113 km) northeast of London. He was arrested at his home on October 25 by the cybercrime unit of Britain's National Crime Agency and other officials, authorities said. He has been released on bail until February 2014, an NCA spokeswoman said.
U.S. prosecutors said the scheme by Love and his co-conspirators involved the installation of malware in the hacked systems, creating "shells" and "back doors" that allowed them to return later to steal data.
The indictment described how Love, who was also known as "nsh" and "route" and "peace," at times allegedly used internet chat rooms to discuss the hacking and efforts to conceal it.
In an October 2012 conversation described in the indictment, Love discussed the hacking of an Army Corps database that might have yielded 400,000 email addresses, and asked a co-conspirator to "grab one email for curiosity."
Nine months later, in July 2013, he appeared to boast about accessing a NASA database, telling another co-conspirator "ahaha, we owning lots of nasa sites," the indictment said.
Later that month, he told the same co-conspirator after another hacking: "This stuff is really sensitive. It's basically every piece of information you'd need to do full identity theft on any employee or contractor for the (agency)," according to the indictment.
Prosecutors said hacked systems were located in places including Vicksburg, Mississippi, and the U.S. Army's Aberdeen Proving Ground in Maryland, and also included a server containing information about military personnel at Fort Monmouth in New Jersey.
Love faces up to five years in prison and a fine on each U.S. criminal count. Prosecutors said he faces additional charges in federal court in Alexandria, Virginia, stemming from other unspecified "intrusions."
The cases are U.S. v. Love, U.S. District Court, District of New Jersey; and U.S. v. Love, U.S. District Court, Eastern District of Virginia, No. 13-mj-00657.
© Thomson Reuters 2013