Hacker Admits to Breaching Supreme Court Systems and Sharing Sensitive Data on Instagram
In a significant cybersecurity breach, Nicholas Moore, a 24-year-old from Springfield, Tennessee, has pleaded guilty to unauthorized computer access and fraud. Moore infiltrated multiple U.S. government systems and disseminated sensitive information via social media, exposing critical vulnerabilities within federal digital infrastructure.
Details of the Breach
Between August and October 2023, Moore orchestrated a series of unauthorized intrusions targeting three high-profile government systems. Utilizing stolen credentials from authorized users, he accessed the U.S. Supreme Court’s electronic filing system at least 25 times over 25 days, often multiple times within a single day. This persistent unauthorized access highlighted significant security lapses in systems intended for exclusive use by authorized personnel.
Moore’s method of intrusion was notably straightforward, relying on credential theft rather than exploiting technical vulnerabilities. By obtaining login credentials from multiple authorized users, he gained access across various government platforms. This approach underscores the ongoing risk posed by compromised authentication factors, even in systems with established security protocols.
Extent of Unauthorized Access
Moore’s hacking activities extended beyond the Supreme Court. Between August 17 and October 13, 2023, he accessed AmeriCorps systems using stolen credentials, extracting personal information from a second victim’s account. Additionally, between September 14 and October 14, 2023, Moore accessed the Department of Veterans Affairs’ MyHealthEVet platform five times using compromised credentials from a U.S. Marine Corps veteran. This unauthorized access allowed him to view private health information, including prescribed medications and confidential medical details.
Public Disclosure via Social Media
A critical misstep in Moore’s operations was his decision to publicly share evidence of his breaches on Instagram under the account @ihackedthegovernment. On three separate occasions, he posted screenshots revealing details of the Supreme Court filing system, victim names, and other identifying information. Similar posts included personal information from AmeriCorps victims and evidence of the Veterans Affairs breach, accompanied by boasts about accessing VA servers. This public dissemination of stolen data became a key factor leading to his identification and subsequent prosecution.
Legal Proceedings and Sentencing
Moore pleaded guilty to a single count of computer fraud, a Class A misdemeanor. He faces up to one year in prison and fines up to $100,000. Sentencing is scheduled for April 17, 2026, before Judge Beryl A. Howell in the U.S. District Court. The investigation involved multiple agencies, including the Supreme Court Police Protective Intelligence Unit, the FBI Washington Field Office, the Veterans Affairs Office of Inspector General, and the AmeriCorps Office of Inspector General.
Implications and Lessons Learned
This case underscores the critical importance of robust cybersecurity measures within government systems. It highlights the vulnerabilities associated with credential theft and the necessity for continuous monitoring and updating of security protocols. The incident also serves as a cautionary tale about the risks of publicly sharing evidence of illegal activities, which can expedite identification and legal action against perpetrators.
