A 24-year-old Tennessee man who hacked into the U.S. Supreme Court’s electronic filing system more than two dozen times over two months in 2023 and posted details on Instagram of what he found pleaded guilty to a fraud charge and will be sentenced in April.

Nicholas Moore used stolen credentials of an authorized user to break into the filing systems during a 25-day period between late July and October, at times more than once a day. Moore also used stolen credentials to hack into AmeriCorps computers and the Veterans Administration’s (VA) health system, according to the U.S. Justice Department.

He pleaded guilty to one count of fraud activity in connection with computers, a misdemeanor that carries a one-year prison sentence and a fine of up to $100,000.

According to a court document outlining the guilty plea, Moore used the stolen credentials of an authorized user referred to as “GS” and hacking into the Supreme Court’s system, accessing the individual’s personal information, including their full name, email and home addresses, phone number, date of birth, and private answers that GS had supplied to three security questions.

Three times in 2023 – July 29, August 18, and November 28 – Moore posted screenshots of GS’ home page from the Supreme Court’s filing system on his Instagram account, using the handle “ihackedthegovernment.” People look at the Instagram post could see GS’ current and past electronic filing records.

The Supreme Court uses the system to receive and store electronic versions of court filings.

Accessing AmeriCorp Information

Regarding the MyAmeriCorps hack, Moore used the stolen credentials of an authorized MyAmeriCorps user – identified as “SM” – to access the user’s account seven times between August 17 and October 13 2023.

MyAmeriCorp is the online portal operated by AmeriCorps, the national service-promoting federal agency that the DOJ said connects tens of thousands of U.S. citizens every year to non-profit organizations, public agencies, and community services.

Through the intrusion, Moore was able to get much of the same information for MS that he obtained about GS, though he also accessed MS’ citizenship and veteran status and service history. He also posted screenshots to his Instagram account that included the personal information, as well as a boast about his access to AmeriCorps servers.

Hacking into the VA

Moore also hacked into the VA’s MyHealtheVet platform, again using the credentials of an authorized user, referred to as “HW.” The online platform is used by veterans to manage their health care, from refilling prescriptions and viewing medical records to managing appointments and communicating with healthcare providers via secure messaging.

On five days between September 14 and October 14, 2023, Moore used the stolen credentials to obtain the private health information of the Marine veteran, including medications prescribed to HW and his blood type, along with his email and home addresses and phone number.

Moore disclosed the identifiable health information on October 13, 2023, through a screenshot sent through Instagram to an unnamed associate. The screenshot identified HW and the prescribed medications.

On October 15 and 16, 2023, he again publicly posted on his Instagram account screenshots in which he bragged about his access into the VA systems and HW’s personal information. The screenshots also revealed HW’s information, from home and email addresses and his full name to his service branch, and blood type.

There was no information given for how Moore acquired the authorized user credentials he used to break into the systems. He is scheduled to be sentence April 17 in U.S. District Court.