Israeli Hacker-For-Hire Sentenced To 80 Months In Prison For Involvement In Massive Spearphishing Campaign
Geoffrey S. Berman, the United States Attorney for the Southern District of New York, announced that BILLY RIBEIRO ANDERSON, a/k/a “Anderson Albuquerque,” a/k/a “AlfabetoVirtual,” was sentenced today to three months in prison for obtaining unauthorized access to and committing defacements of the websites for the Combating Terrorism Center at the United States Military Academy in West Point, New York (“West Point”), and the Office of the New York City Comptroller (the “NYC Comptroller”). ANDERSON pled guilty on October 2, 2018, to two felony counts of computer fraud before U.S. District Judge Laura Taylor Swain, who also imposed today’s sentence.
U.S. Attorney Geoffrey S. Berman said: “Billy Anderson was a sophisticated hacker who compromised and defaced the websites of the New York City Comptroller, West Point, and more than 11,000 other military, government, and business websites around the world under his online pseudonym “AlfabetoVirtual.” Anderson will now serve time in federal prison under his true name. This case demonstrates that those who seek to commit cyber intrusions of government websites will be prosecuted to the fullest extent of the law.”
According to the Indictment and other public court filings and proceedings:
Website defacements are acts of computer intrusion during which a hacker obtains unauthorized access to computers hosting Internet websites and then replaces the publicly available contents of the website with content generated by the hacker, thereby “defacing” the website. Hackers frequently claim responsibility for defacements by listing their online pseudonyms as part of the defaced content.
From in or about 2015 through at least March 13, 2018, ANDERSON took responsibility for obtaining unauthorized access to, and committing more than 11,000 defacements of, various U.S. military, government, and business websites around the world under the online pseudonym “AlfabetoVirtual,” including websites for the NYC Comptroller and the Combating Terrorism Center at West Point.
On or about July 10, 2015, a website owned by the NYC Comptroller was defaced, and ANDERSON, using the online pseudonym “AlfabetoVirtual,” claimed responsibility for the intrusion and defacement. The contents of the NYC Comptroller website were modified to display the text “Hacked by AlfabetoVirtual,” “#FREEPALESTINE” and “#FREEGAZA.” The defacement was performed by exploiting security vulnerabilities associated with the version of a plugin being used on the website.
On or about October 4, 2016, a website for the Combating Terrorism Center at West Point was defaced, and ANDERSON, using the online pseudonym “AlfabetoVirtual,” claimed responsibility for the intrusion and defacement. The content of the Combating Terrorism Center website was modified to display the text “Hacked by AlfabetoVirtual.” The defacement was performed by an unauthorized administrative account that exploited a known cross-site script vulnerability, thereby enabling ANDERSON to bypass access controls and target an internal Combating Terrorism Center website address.
* * *
In addition to the prison term, ANDERSON, 42, of Torrance, California, was sentenced to three years of supervised release, 200 hours of community service, and ordered to pay restitution to victims of his offense.
Mr. Berman praised the outstanding investigative work of the Federal Bureau of Investigation. Mr. Berman also thanked the Computer Crime Investigative Unit of the United States Army Criminal Investigation Command and the Brazilian Federal Police Cyber Crime Unit for their assistance with the investigation.
This case is being handled by the Office’s Complex Frauds and Cybercrime Unit. Assistant United States Attorney Sagar K. Ravi is in charge of the prosecution.