By Jennifer LeClaire / CIO Today. Updated November 18, 2013.
News headlines heralding the crafty work of "hacktivist" group Anonymous have slowed in recent months. But that may soon change.
According to a Reuters report, the FBI is warning that the activist hackers have secretly accessed U.S. government computers across multiple agencies and stolen sensitive information. The hacking campaign reportedly started about a year ago.
The FBI could not immediately be reached for comment, but Reuters reports that hackers exploited a flaw in Adobe's software to break in through back doors. Reuters cited an FBI memo as its source that described the attacks as "a widespread problem that should be addressed."
Reuters also cited an internal e-mail from Energy Secretary Ernest Moniz's chief of staff. Kevin Knobloch reported details that stolen data included the personal data of at least 104,000 employees, contractors, family members and others associated with the Department of Energy.
The Adobe Connection
In October, Adobe confirmed a massive hack that led to the theft of private customer information is much worse than originally believed. More than 38 million customer accounts were open to cybercriminals, and source code for Adobe Photoshop, ColdFusion, Acrobat and Reader was also compromised. According to Reuters, investigators believe the flaw in ColdFusion software may have been one of the back doors.
We caught up with Graham Cluley, an independent security analyst in London, to get his take on the FBI warning. He told us what's unclear from the report is whether the hackers exploited previously unknown flaws in Adobe's software, or were taking advantage of government agencies not keeping their computer systems properly patched.
"Adobe software has become a frequent vector for hacker attacks in recent years, which underlines the importance for all companies and organizations to keep their software updated and adopt a layered defense to reduce the threat of systems being compromised," Cluley said.
"Hacking groups like Anonymous, meanwhile, need to realize that their activities will not be tolerated by the authorities -- and, if caught, they can expect hefty prison sentences."
Or did Anonymous have help -- or at least an instruction -- from someone associated with the U.S. government? According to The Guardian, the Anonymous hacktivist sentenced last Friday to 10 years in federal prison for his role in releasing thousands of e-mails from private intelligent group Stratfor told a New York court an FBI informant told him to bust into the Web sites of governments in various nations.
"The government celebrates my conviction and imprisonment, hoping that it will close the door on the full story. I took responsibility for my actions, by pleading guilty, but when will the government be made to answer for its crimes?" asked Jeremy Hammond, 28, who received one of the longest U.S. prison sentences ever for hacking.