Nicholas Moore, 24, from Springfield, Tennessee, pleaded guilty to unauthorized computer access and fraud, marking a significant case of government cybersecurity breach.
Moore hacked multiple U.S. government systems and publicly disclosed sensitive information through social media, exposing critical vulnerabilities in federal digital infrastructure.
Between August and October 2023, Moore executed a coordinated series of intrusions targeting three high-value government systems.
Using stolen credentials from authorized users, Moore breached the U.S. Supreme Court’s electronic filing system at least 25 times over 25 days, often accessing the platform multiple times within a single day.
The attack demonstrated persistent unauthorized access to a system restricted to authorized personnel only.
Moore’s intrusion methodology relied on credential theft rather than sophisticated exploitation techniques. He obtained login credentials from multiple authorized users and used them across different government platforms.
This credential-based attack vector highlights the ongoing vulnerability of government systems to stolen authentication factors, despite security protocols designed to prevent such access.
Multi-System Breach Scope
Moore’s hacking campaign extended beyond the Supreme Court. Between August 17 and October 13, 2023, Moore accessed AmeriCorps systems using stolen credentials, extracting personal information from a second victim’s account.
Additionally, Moore accessed the Department of Veterans Affairs’ MyHealthEVet platform five times between September 14 and October 14, 2023, using compromised credentials from a U.S. Marine Corps veteran.
This access enabled Moore to view the veteran’s private health information, including prescribed medications and confidential medical details, without authorization.
Moore’s most significant operational error was publicly posting evidence of his breaches on Instagram under the account @ihackedthegovernment.
On three separate occasions, Moore uploaded screenshots containing details of the Supreme Court filing system, victim names, and other identifying information.
He similarly posted AmeriCorps victim personal information and evidence of the Veterans Affairs breach to the same public account, accompanied by boasts about accessing VA servers.
This public disclosure of stolen data through social media became the primary evidence trail leading to Moore’s identification and prosecution.
The case demonstrates how threat actors frequently compromise operational security by publicizing their activities for notoriety or bragging rights.
Moore pleaded guilty to a single count of computer fraud, a Class A misdemeanor. He faces up to one year in prison and $100,000 in fines at sentencing scheduled for April 17, 2026, before Judge Beryl A. Howell in U.S. District Court.
The investigation involved the Supreme Court Police Protective Intelligence Unit, the FBI Washington Field Office, the Veterans Affairs Office of Inspector General, and the AmeriCorps Office of Inspector General, coordinated by Assistant U.S. Attorneys John Borchert and Rami Sibay.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
