Hacker faces years in prison after attacking multiple US government sites

Share this…

More than 11k sites were attacked

A Californian man pleaded guilty of hacking multiple military and government websites in a campaign allegedly linked to the political situation in Gaza, as reported by specialists in digital forensics from the International Institute of Cyber Security. Billy Ribeiro Anderson, also known as “Anderson Albuquerque” or “AlfabetoVirtual”, pleaded guilty for two computer fraud felonies in a court in the Southern District of New York.

According to US prosecutors, between 2015 and 2018, the 41-year-old man undertook this multitude of malicious actions through illegal access to over 11k US military, government, and business websites.

Under the pseudonym of AlfabetoVirtual, the hacker replaced the content of each website with political propaganda designed by him, including the publication of the text “Site hacked by AlfabetoVirtual”, “#FREEPALESTINE” and “#FREEGAZA”. These messages refer to the political situation between Palestine, Israel and the Gaza strip, the besieged territory. The Gaza liberation movement has been operating since 2008 and consists of human rights activists and different pro-Palestinian groups.

Two of these particularly striking attacks are the intervention of the New York City Comptroller’s office in 2015 and an attack in 2016 against a website of the Combating Terrorism Center, at West Point.

In the first case, Anderson exploited the vulnerabilities in a Third-party plug in used by the website. On this site, the hacker was able to exploit a XSS bug to compromise an administrator account and bypass access controls.

Specialists in digital forensics believe that Anderson is not solely responsible for the widespread destruction of websites, but could also have compromised thousands of servers around the world. The hacker would have installed malware on these servers to maintain persistence and create backdoors on systems, granting himself administrator privileges.

Anderson faces up to 10 years in prison. The sentence has been scheduled and will be held in February 2019.

“Billy Anderson hacked the websites of the Comptroller of New York, in addition to West Point, one of the most prestigious military academies in the world”, mentioned experts in digital forensics to the city attorney. The man pleaded guilty to these crimes and faces a conviction in a federal prison. “This case shows that those seeking to commit cybercrimes against government websites will be prosecuted to the greatest extent possible of the US law”, the city attorney said.

As a background, last May the US police extradited and prosecuted one of the operators of the counter antivirus tool known as Scan4You, used by cyber criminals to test the capabilities of their codes and thwart the protections of antivirus solutions.