Hacker Accesses West Point's Anti-Terrorism Center Website: AG

WEST POINT, NY — Federal authorities have charged a California man with hacking government websites, including one at the U.S. Military Academy at West Point and of the New York City comptroller. Geoffrey S. Berman, the U.S. Attorney for the Southern District of New York, said Thursday that Billy Ribeiro Anderson, 41, of Torrence, CA, was charged with three separate counts of computer fraud.

Anderson, also known as “Anderson Albuquerque” and “AlfabetoVirtual,” allegedly obtained unauthorized access to and defaced data on the websites for the Combating Terrorism Center in West Point and the New York City comptroller in New York.

He was arrested Thursday morning at his home in California, and will be presented in federal court Thursday in Los Angeles.

“Billy Anderson allegedly used specialized computer skills and knowledge to hack important U.S. military and government websites, as well as over 11,000 other websites around the world,” Berman said.

“Thanks to the outstanding work of the FBI’s cyber squads, criminals who compromise the integrity of government websites and network infrastructure will continue to be investigated vigorously and prosecuted to the fullest extent of the law,” he said.

According to the allegations in the complaint, website defacements are acts of computer intrusion during which a hacker obtains unauthorized access to computers hosting Internet websites and then replaces the publicly available contents of the website with content generated by the hacker, thereby “defacing” the website, according to authorities. Hackers frequently claim responsibility for defacements by listing their online pseudonyms as part of the defaced content.

From 2015 through at least March 13, 2018, Anderson took responsibility for obtaining unauthorized access to, and committing more than 11,000 defacements of, various U.S. military, government and business websites around the world under the online pseudonym “AlfabetoVirtual,” including websites for the Combating Terrorism Center at West Point and the NYC Comptroller.

On or about July 10, 2015, a website owned by the NYC Comptroller was defaced, and Anderson, using the online pseudonym “AlfabetoVirtual,” claimed responsibility for the intrusion and defacement, federal authorities said. The contents of the NYC Comptroller website were modified to display the text “Hacked by AlfabetoVirtual,” “#FREEPALESTINE” and “#FREEGAZA.” The defacement was performed by exploiting security vulnerabilities associated with the version of a plugin being used on the website, experts said.

On or about Oct. 4, 2016, a website for the Combating Terrorism Center at West Point was defaced, and Anderson, using the online pseudonym “AlfabetoVirtual,” claimed responsibility for the intrusion and defacement, authorities said. The content of the Combating Terrorism Center website was modified to display the text “Hacked by AlfabetoVirtual.” The defacement was performed by an unauthorized administrative account that exploited a known cross-site script vulnerability, according to federal authorities, which enabled Anderson to bypass access controls and target an internal Combating Terrorism Center website address.

Berman said Anderson also committed unauthorized intrusions of thousands of web servers located around the world by surreptitiously installing malicious code on victim web servers that provided him with administrative rights to the victimized web servers, thereby enabling him to commit defacements and otherwise to maintain persistent unauthorized access to the victimized web servers.

Anderson is charged with two counts of computer fraud for causing damage to a protected computer, each of which carries a maximum sentence of 10 years in prison, and one count of computer fraud for unauthorized access to a United States government computer, which carries a maximum sentence of one year in prison.

Image via Shutterstock.