Prolific Hacker Gets Prison TimeBreached Law Enforcement Agencies, Stole Card Details
A Massachusetts man who pleaded guilty to hacking the computer networks of law enforcement agencies across the U.S., as well as obtaining stolen payment card data, has been sentenced to four years in prison.
See Also: The Power and Scale of XDRCameron Lacroix of New Bedford, Mass., pleaded guilty in June to two counts of computer intrusion and one count of access device fraud (see: Hacker Pleads Guilty to Breaching Networks). Lacroix was charged on June 2, according to the Federal Bureau of Investigation.
The Massachusetts man also faces charges in California that he hacked Zendesk, a San Francisco company that provides help-desk support to numerous companies, including Twitter (see: Hacker Charged in Twitter Support Hack).
Between May 2011 and May 2013, Lacroix obtained payment card data for more than 14,000 account holders, authorities say. For some of these accountholders, Lacroix also obtained other personally identifiable information, including names, addresses, dates of birth, Social Security numbers, e-mail addresses, bank account and routing numbers, and lists of merchandise ordered.
In addition, Lacroix admitted to hacking into a computer server operated by a local Massachusetts police department in September 2012, and then accessing the e-mail account of its police chief. He also admitted to repeatedly hacking into law enforcement computer servers across the country that contained sensitive information, including police reports, arrest warrants and sex offender information, between August and November 2012.
The Massachusetts man also acknowledged he used stolen credentials to access and change information, including his grades, in the servers of Bristol Community College, Fall River, Mass., where he was a student, on multiple occasions between September 2012 and December 2013.
Twitter Support Hack
Lacroix allegedly hacked into Zendesk's website in February 2013 and disabled a security feature designed to limit who can view information pertaining to Zendesk's customers, according to the U.S. Attorney's Office for the Northern District of California, which charged Lacroix on July 2.
Prosecutors allege that Lacroix then exported approximately 1 million Twitter support tickets to computers outside of Zendesk's network and used that information to compromise and deface the Twitter feeds for two companies.
The attacks allegedly resulted in Zendesk and Twitter incurring combined losses of more than $200,000 in responding to the attacks, authorities say.
Lacroix has been charged with intentionally causing damage to a protected computer. If convicted, he faces a maximum sentence of 10 years in prison, a fine of $250,000, plus restitution.