By Jonathan Stempel
NEW YORK (Reuters) - A British man has been arrested in England and charged by the United States and Britain with infiltrating U.S. government computer systems, including those run by the military, to steal confidential data and disrupt operations, authorities said.
U.S. prosecutors said the alleged hacker, Lauri Love, infiltrated thousands of computer systems including those of the Pentagon's Missile Defense Agency, the U.S. Army Corps of Engineers, the U.S. space agency NASA and the U.S. Environmental Protection Agency.
Love, 28, and three unnamed co-conspirators, believed to live in Australia and Sweden, intended their activity to "disrupt the operations and infrastructure of the United States government," according to a U.S. indictment unsealed on Monday.
"Such conduct endangers the security of our country and is an affront to those who serve," U.S. Attorney Paul Fishman in New Jersey, who announced the charges, said in a statement.
Love was charged in Britain with violating the Computer Misuse Act, and charged in the United States with accessing a U.S. government computer without permission and conspiracy, authorities said.
Fishman said the hacking took place from October 2012 until this month. He said it compromised personal data of U.S. military personnel, and information on defense budgets, contract bidding, and the demolition and disposal of military facilities, and caused millions of dollars of losses.
Love lives in the Suffolk village of Stradishall, and was arrested at his residence on October 25 by authorities including the cybercrime unit of Britain's National Crime Agency (NCA), authorities said. He has been released on bail until February 2014, an NCA spokeswoman said.
The arrest comes as authorities worldwide coordinate efforts to combat cybercrime. On October 10, U.S. Defense Secretary Chuck Hagel issued a memorandum emphasizing a need to safeguard even unclassified technical data against cyber intrusions to help protect U.S. military superiority.
U.S. prosecutors said the scheme involved the installation by Love and his co-conspirators of malware in the hacked systems, creating "shells" and "back doors" that allowed them to return later to steal data.
According to the U.S. indictment, Love, who was also known as "nsh" and "route" and "peace," at times used internet chat rooms to discuss the intrusions and efforts to conceal them.
In a conversation dated October 7, 2012, and described in the indictment, Love discussed the hacking of an Army Corps database that might have yielded 400,000 email addresses, and asked a co-conspirator to "grab one email for curiosity."
He told another co-conspirator on July 31, 2013, after a hacking: "This ... stuff is really sensitive. ... It's basically every piece of information you'd need to do full identity theft on any employee or contractor for the (agency)," the indictment said.
Prosecutors said hacked systems were located in places including Vicksburg, Mississippi, and the U.S. Army's Aberdeen Proving Ground in Maryland, and also included a server containing information about military personnel at Fort Monmouth in New Jersey.
The U.S. Defense Department did not immediately comment on the matter.
The case is U.S. v. Love, U.S. District Court, District of New Jersey.
(Reporting by Jonathan Stempel in New York; Editing by Doina Chiacu and Will Dunham)