A sysadmin who worked in the nuclear reactor department of a US warship used his privileged access to hack Navy databases before boasting of the exploits on Twitter, US Government prosecutors have alleged.
In a case that will draw some comparisons with Edward Snowden’s breaching of US secrets, court filings allege that 27-year-old Nicholas Knight, now arrested, exploited his Navy sysadmin position to steal employee and customer data as the head of the self-styled ‘Team Digi7al’ anti-government hacking group.
For a year, Knight is said to have fed sensitive data to a second accused, college student Daniel Trenton Krueger, who posted the information on Twitter under a number of aliases including ‘Thor’, ‘Orunu’, ‘Gambit’, and ‘uChronus’.
Along with a clutch of college-age helpers who made up the remainder of the group, Team Digi7al also attacked a range of websites by exploiting SQL vulnerabilities, always in search of personal data, passwords and account logins that could be disclosed as part of the group’s political campaign.
Alarmingly, Knight is said to have attacked a Navy database while working onboard the USS Harry S. Truman aircraft carrier during active duties, which is the point at which he was caught and discharged from the service.
It’s not clear what inspired the group but the period the hacks are said to have occurred – between April 2012 and June 2013 – could be significant because it was not long after the heyday of the now largely declawed Anonymous group. Attacks by the group attracted widespread attention and could have inspired copycat behaviour.
At the time, the MO in these attacks was always the same: hack high-profile sites, then release data as proof of success on public channels such as Twitter.
The charge sheet alleges a series of attacks were carried out and it is here that the political intentions of the group probably most reveal themselves. Most of the sites mentioned are Government-related although AT&T was another target.
Superficially, the case has echoes of Edward Snowden because, like the exiled campaigner-cum-traitor, Knight was an insider abusing trusted access. However, judging from the prosecution papers, a better comparison might be the British hacktivists-lite LulzSec, who conducted a mischievous campaign around the same time.
The naivety of the attacks is one giveaway, starting with the fact that Knight was eventually caught after boasting of his Navy hack exploits on the group’s Twitter account, where he said the group had hacked “my own boat”, as well as revealing other data that would have alerted investigators to an inside job.
Accomplice Krueger was also said to have used three-pass wiping to delete data from his PCs despite separately keeping records of hacking exploits and future targets in an unsecured state.
Whatever Team Digi7al was, it was not a major threat to US national security.
“The industry must acknowledge what is so painfully obvious – privileged account security is a critical layer of security that enables organisations to respond to malicious activity and mitigate potential damage, far more effectively than focusing on the perimeter alone,” commented Udi Mokady, CEO of security firm Cyber Ark.
“As Symantec recently stated, the perimeter is dead – the threats are occurring on the inside of businesses. It only makes sense that this is where preventative security measures should start as well.”