US Navy sysadmin charged with 'Team Digi7al' hacktivist attacks on military

More Lulzsec than Edward Snowden

A sysadmin who worked in the nuclear reactor department of a US warship used his privileged access to hack Navy databases before boasting of the exploits on Twitter, US Government prosecutors have alleged.

In a case that will draw some comparisons with Edward Snowden's breaching of US secrets, court filings allege that 27-year-old Nicholas Knight, now arrested, exploited his Navy sysadmin position to steal employee and customer data as the head of the self-styled 'Team Digi7al' anti-government hacking group.

For a year, Knight is said to have fed sensitive data to a second accused, college student Daniel Trenton Krueger, who posted the information on Twitter under a number of aliases including 'Thor', 'Orunu', 'Gambit', and 'uChronus'.

Along with a clutch of college-age helpers who made up the remainder of the group, Team Digi7al also attacked a range of websites by exploiting SQL vulnerabilities, always in search of personal data, passwords and account logins that could be disclosed as part of the group's political campaign.

Alarmingly, Knight is said to have attacked a Navy database while working onboard the USS Harry S. Truman aircraft carrier during active duties, which is the point at which he was caught and discharged from the service.

It's not clear what inspired the group but the period the hacks are said to have occurred - between April 2012 and June 2013 - could be significant because it was not long after the heyday of the now largely declawed Anonymous group. Attacks by the group attracted widespread attention and could have inspired copycat behaviour.

At the time, the MO was always the same in these attacks: hack high-profile sites, then release data as proof of success on public channels such as Twitter.

The charge sheet alleges a series of attacks were carried out and it is here that the political intentions of the group probably most reveal themselves. Most of the sites mentioned are Government-related although AT&T was another target.

Superficially, the case has echoes of Edward Snowden because, like the exiled campaigner-cum-traitor, Knight was an insider abusing trusted access. However, judging from the prosecution papers, a better comparison might be British hacktivists lite, LulzSec, who conducted a mischievous campaign around the same time.

The naivety of the attacks is one giveaway, starting with the fact that Knight was eventually caught after boasting of his Navy hack exploits using the group's Twitter account where he said the group had hacked "my own boat" as well as revealing other data that would have alerted investigators to an inside job.

Accomplice Krueger was also said to have used three-pass wiping to delete data from his PCs despite separately keeping records of hacking exploits and future targets in an unsecured state.

Whatever Team Digi7al was, it was not a major threat to US national security.

"The industry must acknowledge what is so painfully obvious - privileged account security is a critical layer of security that enables organisations to respond to malicious activity and mitigate potential damage, far more effectively than focusing on the perimeter alone," commented Udi Mokady, CEO of security firm Cyber Ark.

"As Symantec recently stated, the perimeter is dead - the threats are occurring on the inside of businesses. It only makes sense that this is where preventative security measures should start as well."
