Man Charged With Hacking Into and Defacing Military and Government Websites

Posted May 10, 2018 10:29 p.m. EDT
Updated May 10, 2018 10:34 p.m. EDT

A California man suspected of accessing and defacing numerous military, government and business websites, including that of West Point’s Combating Terrorism Center and the New York City Comptroller’s Office, was arrested Thursday on computer fraud charges.

Prosecutors believe that from 2015 through March 2018, Billy Ribeiro Anderson, under the online pseudonym AlfabetoVirtual, gained unauthorized access to computers and replaced publicly available content with the words “Hacked by AlfabetoVirtual,” “#freepalestine,” “#freegaza,” or some combination of the three. Hackers often claim responsibility for cybercrimes by adding their online pseudonyms to their defacements.

“Billy Anderson allegedly used specialized computer skills and knowledge to hack important U.S. military and government websites, as well as over 11,000 other websites around the world,” Geoffrey S. Berman, the U.S. attorney for the Southern District of New York, said Thursday in a statement issued by the Justice Department.

Anderson, 41, of Torrance, California, faces three counts of computer fraud, and could face up to 21 years in prison if convicted on all charges.

“Among other possible effects, website defacements can disrupt an organization’s operations and damage its credibility,” William F. Sweeney Jr., the assistant director in charge of the FBI’s New York field office, said in the statement.

In July 2015, security vulnerabilities in a website for the New York City comptroller were exploited, and AlfabetoVirtual claimed responsibility for the intrusion and defacement.

In October 2016, AlfabetoVirtual claimed responsibility for defacing a website for the Combating Terrorism Center, an academic center at the U.S. Military Academy in West Point, New York.

According to the complaint, the comptroller’s office ultimately paid more than $5,000 to fix the damage, and the U.S. government paid more than $7,000 to fix West Point’s site.

Anderson’s lawyer could not be identified on Thursday, and Sagar K. Ravi, an assistant U.S. attorney who is expected to prosecute the case, could not immediately be reached.

Tampering with websites in this way is probably the most common type of hacking, Levi Gundert, a former U.S. Secret Service special agent within the Los Angeles Electronic Crimes Task Force, said in an interview Thursday. And those looking for holes in web servers can find “so many different ways in,” he said. “There are hundreds of people who do this regularly.”

The behavior of AlfabetoVirtual, Gundert said, seemed to be primarily hacktivist activity that was intended to spread a message and left mostly superficial damage. “He probably looked at it as a harmless hobby,” said Gundert, who now runs a threat intelligence research team at the internet technology company Recorded Future.

It was probably the importance of the sites that were targeted and the sheer number of sites that were hit that led prosecutors to proceed with a case, he said.

There’s a “ton of potential for real harm” when someone gains unauthorized access to web servers, said Gundert, who pointed out that the large-scale Equifax breach last year — which exposed the personal information of up to 145 million Americans — began with unauthorized access. “Organizations generally underestimate the damage that can be done.”