Two unnamed Australian hackers have been accused of breaking into scores of US Federal Government agencies stealing thousands of personal records and causing millions of dollars in damages.
The crackers, including one from NSW, broke into networks run by the US Army, the Pentagon's US Missile Defense Agency, NASA and the Environmental Protection Agency among others, according to a US grand jury indictment.
"Collectively, the hacks described herein substantially impaired the functioning of dozens of computer servers and resulted in millions of dollars of damages to the government victims," the indictment alleged.
Together with arrested British man Lauri Love, 28, and a fourth unnamed cracker residing in Sweden, the group was alleged to have broke into the networks by using SQL injection and exploiting vulnerable Adobe ColdFusion installations over a year-long cracking spree that wound up in October.
Prosecutors claimed Love, who used the handles 'nsh', route' and 'peace', used automated hack tools to identify targeted sites. Once inside networks, they alleged he planted malware and backdoors to maintain access.
The British man was alleged to have told fellow crackers during internet chats that they had stolen enough information to commit identity theft against US Government employees.
"You have no idea how much we can f*ck with the US Government if we wanted to," Love allegedly told fellow crackers in an internet relay chat.
"It's basically every piece of information you'd need to do full identity theft on any employee or contractor for the" hacked government agency.
The cracking group were alleged to have taken to Twitter to broadcast the hacks and timed their tweets to gain media coverage across the US.
US attorney Paul Fishman said the alleged attacks 'endangered' national security and were "an affront to those who serve".
The lengthy investigation was led by the US Army Criminal Investigation Command-Computer Crime Investigative Unit and the FBI in Newark.
FBI Special Agent Aaron T.Ford said international collaboration was critical to catch the crackers.
“Cyber crime knows no boundaries, and without international collaboration, our efforts to dismantle these operations would be impossible,” T.Ford said.
Love was released on bail until February. If convicted, he faced a maximum of five years in prison and a $250,000 fine.