Hackers linked to the Anonymous group have been hacking U.S. government computers since December 2012, Reuters has learned from a memo distributed on Thursday by the FBI. The hackers have apparently exploited a flaw found in Adobe’s ColdFusion to target the computers, installing back doors in PCs from the U.S. Army, Department of Energy, Department of Health and Human Services in order to be able to access them over and over. Some of these computers have apparently been accessed as recently as last month, as the group’s attacks continue.
The FBI described the issue as a “widespread problem that should be addressed” in the memo, adding that it’s not known “exactly how many systems have been compromised.” System administrators have been advised on what to look for in order to find compromised computers.
Dated October 11, an internal email from Energy Secretary Ernest Moniz’s chief of staff Kevin Knobloch says that the stolen data includes personal information for as many as 104,000 employees, contractors, family members and other persons that are associated with the Department of Energy. Information on almost 2,000 bank accounts has also been stolen.
According to officials, the hacking was linked to the case of Lauri Love, a hacker who was indicted on October 28th for allegedly attacking computers from the various government departments and army. Love and others have taken advantage of the ColdFusion website builder in these attacks.
However, Adobe is apparently not aware of the FBI report, with a spokesperson adding that “the company has found that the majority of attacks involving its software have exploited programs that were not updated with the latest security patches.”