Members of the hacker collective Anonymous have been infiltrating US government computers across multiple agencies for the better part of the past year. The attackers initially used an exploit in Adobe ColdFusion to gain access to systems starting in December 2012 and left back doors to facilitate their return as early as last month according to a memo from the FBI as seen by Reuters.
According to the publication, the memo was sent out last Thursday and described the incidents as a widespread problem that should be addressed. The document reportedly outlines steps that system administrators can take to determine if computers are compromised. The attacks are believed to be ongoing although a spokesperson for the FBI declined to comment on the matter.
Those affected include the Department of Energy, the Department of Health and Human Services, the US Army and perhaps several other unnamed agencies. An internal e-mail from Kevin Knobloch, the chief of staff to Energy Secretary Ernest Moniz, said the breach includes the theft of personal information from at least 104,000 employees, contractors and family members associated with the Department of Energy. What’s more, information pertaining to nearly 2,000 bank accounts was also stolen.
The memo further points out that the majority of intrusions have not been publically disclosed and the total number of compromised systems is unknown.
For their part, Adobe said they were not familiar with the FBI report although they have found the vast majority of attacks using their software have taken place on programs that were not running the latest security patches.