Navy sysadmin went on hacking spree at sea

Government (U.S.) // Government (Foreign) // Telecommunications // United States, Bolivia

A gang of hackers that included a service member on a nuclear aircraft carrier breached the Pentagon’s National Geospatial-Intelligence Agency, the biometric Transportation Worker Identification System at the Homeland Security Department, and Los Alamos National Lab – but didn’t always get what it wanted.

“Nicholas Paul Knight, 27, who referred to himself as a ‘nuclear black hat,’ was discharged from the Navy after he allegedly attempted to hack into a Naval database while at sea serving as a systems administrator in the nuclear reactor department aboard the U.S.S. Harry S. Truman,” Wired reports.

The group apparently was motivated by a combination of anti-government sentiment, boredom, and thrill-seeking.

The gang is accused of using SQL-injection hacks and other methods to gain access to various government systems. It also entered or attempted to enter networks belonging to a number of universities and police departments.

Despite more than two dozen hacks, the gang had only sporadic success. The hack of a computer at NGA got the hackers schematics for more than ten databases, but they failed to download the sensitive agency data they sought from that computer.

A breach of an AT&T U-verse computer, however, got them the mobile phone numbers of about 7,500 customers, as well as some email addresses, physical addresses and cleartext passwords.

They also accessed the email account of the Ambassador of Peru in Bolivia and made off with the entire email contents of his account.

An investigation into Knight, conducted by the Naval Criminal Investigative Service, began in June 2012, when a breach of the Navy’s Smart Web Move website and database occurred.

“The system, also known as Navy-SWM, is used by the Navy to manage the transfer and relocation of personnel and their family members in all branches of the military — Navy, Army, Air Force, Marines and Coast Guard,” Wired reports. “The database contained more than a decade’s worth of stored sensitive personal data on about 220,000 service members and their families, including Social Security numbers and birth dates. It also stored the answers to security questions that members used to reset their passwords for the system — such as their mother’s maiden name or the names of their children.”

The amount of account data the hackers obtained from the database is unknown.

The hackers boasted about their intrusions on Twitter and published the stolen personal information on storage sites where others could see the data. 

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.