A British computer hacker has admitted breaking into a US military communications system and stealing the ranks, usernames, phone numbers, and email addresses of over 800 employees as well as IMEI data related to 30,000 satellite phones.
25-year-old Sean Caffrey, of Sutton Coldfield, West Midlands, pleaded guilty at Birmingham Crown Court yesterday to offences under the Computer Misuse Act that he stole data from the US Department of Defense (DOD).
Caffrey broke into the DOD’s Enhanced Mobile Satellite Services network on 15 June 2014, and posted a screenshot online of some of the data he had stolen using the pseudonym “ISIS Freedom Fighters”, and berated rival hacking group Lizard Squad:
“We smite the Lizards, LizardSquad your time is near. We’re in your bases, we control your satellites. The missiles shall rein upon thy who claim alliance, watch your heads, ** T-47:59:59 until lift off. We’re one, we’re many, we lurk in the dark,we’re everywhere and anywhere. Live Free Die Hard! DoD, DISA EMSS : Enhanced Mobile Satellite Services is not all, Department of Defense has no Defenses.”
However, in an extraordinary blunder, Caffrey seems to have made little effort to cover his tracks – and failed to use services that might have provided him anonymity online such as a proxy or VPN.
Hmmph. Hardly the criminal mastermind then, eh?
It’s therefore not too much of a surprise to hear that authorities were able to trace the hack back to Caffrey’s home, where he was arrested in March 2015 as part of a wider sweep against cybercriminals up and down the UK.
During a subsequent forensic examination of Caffrey’s seized computer equipment, stolen data was discovered.
The UK National Crime Agency’s Janey Young was keen to warn others that international co-operation and the department’s expertise were helping to bring hackers to justice:
“After strong partnership working between the NCA, the FBI and the DoD’s Defense Criminal Investigative Service there was very clear, very compelling evidence against Sean Caffrey.”
“No one should think that cyber crime is victimless or that they can get away with it. The NCA has people with skills like Caffrey’s, but they’re doing the opposite to him in detecting cyber criminals and bringing them to justice.”
No details have been shared of precisely how Caffrey managed to breach the network, but the hack is said to have cost the US Department of Defense approximately US $628,000 to fix.
Caffrey is scheduled to appear for sentencing on 14 August.
by Graham Cluley, ESET We Live Security