Skip to main content

FBI memo: Anonymous has been accessing US government sites for more than a year

Hackers associated with the loose hacktivist collective Anonymous have been secretly accessing US government computers across several agencies for over a year now, according to a remarkable warning issued by the FBI this week.

The infiltrators ostensibly exploited a flaw in Adobe web development software to insert "back doors" into government computer systems that allowed them unfettered access to the systems at later dates.

A memo circulated within the FBI warned that the infiltrations were "a widespread problem that should be addressed".

The memo, which was shown to news agency Reuters, suggested that the breach had affected the US Army, Department of Energy, Department of Health and Human Services, and possibly other agencies.

The attacks demonstrate how Australia and Indonesia aren't the only countries suffering the ire of Anonymous.

An internal email from Energy Secretary Ernest Moniz's chief of staff, Kevin Knobloch, has revealed that the agency was "very concerned", and that the stolen data included personal information on at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with thousands of bank account details.

Federal agents are apparently concerned that the details could be used for attempted identity fraud.

The attacks are apparently connected with the recent prosecution of a number of high-profile hackers, and together form part of a campaign known as "Operation Last Resort". There is some suggestion that the campaign is also a response to the lengthy jail sentence sought by prosecutors for RSS, Creative Commons and Reddit developer Aaron Schwartz, who killed himself in January 2013.

While some of the breaches have been publicised by the hacking collective as part of Operation Last Resort, the FBI memo suggests that "the majority of the intrusions have not yet been made publicly known," and that "it is unknown exactly how many systems have been compromised".

The attacks apparently took advantage of weaknesses in Adobe's ColdFusion software, which is used to build and develop websites. Adobe has claimed that all affected systems had failed to update the software with the latest security patches.

The report follows strong denials by the American National Security Agency (NSA) that the problems facing its latest data centre in Utah have been the result of attacks by the hacking collective.