Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)
Brits Arrest Alleged Fed Reserve Hacker
U.S. Demands Extradition of Suspect in Multiple Govt. HacksBritish police have re-arrested Lauri Love, who's been charged with 2012 and 2013 hack attacks against U.S. government computers, including systems operated by the Federal Reserve, U.S. Army and NASA. But Love plans to fight extradition.
See Also: Gartner Market Guide for DFIR Retainer Services
Love, 30, was arrested at his house in Suffolk, England, near London on July 15 by the London Metropolitan Police's Extradition Unit, based on a U.S. extradition warrant. No charges have been filed against him by U.K. authorities.
"The warrant alleges offenses under the [U.K.] Computer Misuse Act for which he has been indicted in the U.S. districts of Virginia, New Jersey and New York between various dates in both 2012 and 2013," a spokeswoman for London's Metropolitan Police says in a statement. Under Britain's Computer Misuse Act, individuals can be prosecuted for launching hack attacks from the United Kingdom against other countries. Love has been released on bail until his full extradition hearing, which is scheduled for Sept. 1.
The suspect was first arrested in October 2013, based on an indictment filed in U.S. federal court. Love's computer equipment was also seized, but he was later released on bail. That U.S. indictment accused Love of working with others to illegally access U.S. government computers, including systems operated by the U.S. Army, Missile Defense Agency, Environmental Protection Agency and NASA (see Brit Charged with Hacking Federal IT).
But Love's attorney, Karen Todner, tells the BBC that his bail had been canceled more than a year ago - meaning he was freed - and that his re-arrest came "out of the blue." she adds: "He will certainly be fighting extradition."
The U.S. Department of Justice did not immediately respond to a request for comment about the timing of its extradition request with British authorities.
Adobe Flaw Exploited?
Love faces a number of charges in the United States. He was further indicted by a U.S. federal grand jury in July 2014 for allegedly causing millions of dollars in damages by exploiting flaws - since patched - in the Adobe ColdFusion website management and administration tool (see Alleged UK Hacker Charged a 3rd Time).
The 2014 indictment alleged that Love, a.k.a. "Peace," and his co-conspirators illegally accessed computers belonging to the Department of Energy, the Department of Health and Human Services, the U.S. Sentencing Commission, the FBI's Regional Computer Forensics Laboratory, as well as software vendors Deltek and Forte Interactive, and stole a variety of data, including Social Security numbers.
According to the indictment, Love bragged in an online chat room that he planned to publish passwords and phone numbers for Federal Reserve users.
In a March 2015 U.K. court hearing related to Love attempting to have 31 devices that had been seized by British law enforcement agents returned to him, National Crime Agency attorney Andrew Bird told a British court that when Love was arrested at his home in October 2013, most of the devices were encrypted, the BBC reports. But Bird said that one of the computers was still on and "appeared to have information stolen from the U.S. Department of Energy." The NCA also requested that the court require Love to share his decryption passwords, and the court ordered that he share the password to a Samsung laptop, BBC reports. Of the seized devices, 25 were reportedly returned to Love by police.
Will He Be Extradicted?
Some previous cases involving British hackers facing extradition to the United States have become highly politicized, so it's not clear if British authorities will ultimately extradite Love. And even if they do extradite him, the process may take years.
For example, in 2012, the British government blocked the extradition of Gary McKinnon - also defended by Todner - who had been accused by U.S. prosecutors of executing "the biggest military computer hack of all time." Home Secretary Theresa May said the decision in the 10-year-old case was made on human rights grounds, after a medical review board warned that the extradition of McKinnon, who has Asperger Syndrome and "suffers from depressive illness," would result in a "high risk" that he would commit suicide.