The United States Department of Justice (DoJ) this week announced that a California man has pleaded guilty to hacking the websites for the Combating Terrorism Center at the United States Military Academy in West Point, New York, and the Office of the New York City Comptroller.
The man, Billy Ribeiro Anderson, 41, of Torrance, California, also known as “Anderson Albuquerque” and “AlfabetoVirtual,” admitted to obtaining unauthorized access to the two websites and to defacing them by replacing publicly available contents of the website with hacker-generated content.
According to court documents, from 2015 through at least March 13, 2018, Anderson took responsibility for accessing various U.S. military, government, and business websites around the world, all without authorization.
Using the online handle of AlfabetoVirtual, he also committed more than 11,000 defacements of said websites, including websites for the Combating Terrorism Center at West Point and the NYC Comptroller.
The NYC Comptroller’s website was defaced on July 10, 2015. Anderson, who took responsibility for the incident, replaced the contents of the website to display the text “Hacked by AlfabetoVirtual,” “#FREEPALESTINE” and “#FREEGAZA.”
The hacker gained access to the website and was able to deface it by exploiting security vulnerabilities associated with the version of a plugin being used on the website.
Anderson defaced a website for the Combating Terrorism Center at West Point on October 4, 2016 and modified the site’s content to display the text “Hacked by AlfabetoVirtual.” He gained access to the site via an unauthorized administrative account that exploited a known cross-site script vulnerability, which allowed the hacker to bypass access controls.
Anderson also committed unauthorized intrusions of thousands of web servers worldwide through malicious code installed on the victim web servers. The code provided the hacker with administrative rights to the servers, which then enabled it to commit defacements and maintain a foothold on the compromised servers.
“The defendant pled guilty to two counts of computer fraud for causing damage to a protected computer, each of which carries a maximum sentence of 10 years in prison,” the DoJ announced. Anderson is scheduled for sentencing on February 13, 2019.
Related: Student Charged in Elaborate Digital Money Theft Scheme
Related: Malware Creator Admits to Building and Selling LuminosityLink RAT
More from Ionut Arghire
- US, Israel Provide Guidance on Securing Remote Access Software
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- KeePass Update Patches Vulnerability Exposing Master Password
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Apple Unveils Upcoming Privacy and Security Features
- Dozens of Malicious Extensions Found in Chrome Web Store
Latest News
- Sysdig Introduces CNAPP With Realtime CDR
- Stay Focused on What’s Important
- VMware Plugs Critical Flaws in Network Monitoring Product
- Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
- US, Israel Provide Guidance on Securing Remote Access Software
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
