(Page 2 of 2)
Leveraging SQL Injections
Love and conspirators often deployed what is known as an SQL injection attack to gain entry to the government victims' computer servers, the FBI said. SQL, or Structured Query Language, is a type of programing language designed to manage data held in particular types of databases; the hackers identified vulnerabilities in SQL databases and used those vulnerabilities to infiltrate a computer network.
According to the FBI, they also exploited vulnerabilities in a Web application platform that some of the targeted agencies used known as Cold Fusion. Like SQL Injection attacks, this method of hacking allowed the conspirators to gain unauthorized access to secure databases of the victims. Once the network was infiltrated, Love and his conspirators placed malicious code, or malware, on the system, the FBI reported. This malware created a back door or shell, leaving the system vulnerable and helping Love and the conspirators maintain access to the network.
Love and his conspirators took steps to conceal their identities and illegal hacking activities. To mask their IP addresses, the conspirators used proxy and Tor servers to launch the attacks. They also frequently changed their nicknames in online chat rooms, using multiple identities to communicate with each other.
If convicted, Love faces a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gross gain or loss from the offense, on each of the two counts with which he is charged.