Department of Defense Hacked: British Hacker Admits To Stealing Data From US Military

A British hacker admitted to hacking into an United States military communications system and stealing more than 800 user accounts from the database, the United Kingdom’s National Crime Agency (NCA) reported.

The 25-year-old hacker, identified as Sean Caffrey, pled guilty to offenses under the Computer Misuse Act after confessing that he stole data from the U.S. Department of Defense’s (DOD) Enhanced Mobile Satellite Services.

Read: Hack The DHS: Senate Bill Would Encourage Hackers To Help Improve Security Of Department Of Homeland Security

Caffery made off with the usernames, ranks, phone number and email addresses of more than 800 DOD employees. The hacker also took International Mobile Equipment Identity (IMEI) data related to more than 30,000 satellite phones.

The theft took place on June 15, 2014. Caffery was arrested by officers from the NCA’s National Cyber Crime Unite (NCCU) and West Midlands Police in March 2015 after intelligence tracked the origins of the hack to Caffery’s internet connection.

Despite the hacker having the skills to break into the military computer system, he did little to cover his tracks. He opted not to use any sort of services that would have provided him anonymity like a Virtual Private Network (VPN) or proxy.

The NCA reported its forensic examination found stolen data from the DOD stored on his hard drives. Additionally, officers found an online messaging account connected to the attack was registered on Caffery’s computers.

Read: Hack The Air Force: US Military Launches Bug Bounty Program For Air Force

The account created by Caffery reportedly used the username “ISIS Freedom Fighters.” There is no indication that Caffery has an actual connection to the Islamic State.

Caffery used the “ISIS Freedom Fighters” account to post a screen of some of the data he gained access to. In addition, Caffery posted a message that took aim at another hacking collective known as Lizard Squad, a group known for disrupting online services.

“We smite the Lizards, LizardSquad your time is near. We’re in your bases, we control your satellites. The missiles shall rein upon thy who claim alliance, watch your heads, ** T-47:59:59 until lift off. We’re one, we’re many, we lurk in the dark, we’re everywhere and anywhere. Live Free Die Hard! DoD, DISA EMSS : Enhanced Mobile Satellite Services is not all, Department of Defense has no Defenses,” Caffrey's message read.

Janey Young, investigations manager at the NCA, said in a statement, “After strong partnership working between the NCA, the FBI and the DoD’s Defense Criminal Investigative Service there was very clear, very compelling evidence against Sean Caffrey.”

Young said, “no one should think that cyber crime is victimless or that they can get away with it,” and warned that the NCA has people with skills like Caffrey’s, “but they’re doing the opposite to him in detecting cyber criminals and bringing them to justice.”

The hack reportedly cost the DOD $628,000 to fix the damage caused by the intrusion. Since the hack, a number of U.S. military organizations have adopted bug bounty programs designed to encourage hackers to report vulnerabilities in their computer systems in exchange for cash.