A 24-year-old Tennessee resident has pleaded guilty to unlawfully accessing multiple U.S. government systems, including the electronic filing platform of the Supreme Court of the United States. Court records show the intrusions occurred repeatedly over several months in 2023 using stolen credentials. While the charge carries a relatively light statutory penalty, the case underscores persistent risks tied to credential theft, weak access controls, and misuse of legitimate authentication pathways.

Federal agencies and judicial bodies increasingly rely on online portals to manage filings, benefits, and personal records. These systems are designed for availability and efficiency, but they also expand the attack surface for credential-based abuse. Unlike advanced malware campaigns, many high-impact intrusions still begin with compromised usernames and passwords rather than technical exploits.

According to court filings, Nicholas Moore of Springfield, Tennessee, accessed the Supreme Court’s filing system on at least 25 separate days in 2023 using credentials stolen from another individual. During these sessions, Moore viewed personal records associated with the compromised account.

Moore also admitted to accessing systems belonging to AmeriCorps and the Department of Veterans Affairs, including a veteran’s account on the VA’s MyHealtheVet platform.

Screenshots of the accessed data were later posted publicly on Instagram under the handle “@ihackedthegovernment,” amplifying the impact beyond the initial intrusions.

The activity did not involve exploitation of software vulnerabilities. Instead, Moore relied on valid but stolen credentials to authenticate into protected systems. This technique—often referred to as credential abuse—bypasses many perimeter defenses by appearing as legitimate user activity.

Once authenticated, Moore was able to access sensitive personal information and extract screenshots without triggering immediate containment, highlighting gaps in anomaly detection, session monitoring, and account-level safeguards.

While the scope of accessed records appears limited to specific user accounts, the implications are broader. Judicial and federal service platforms handle highly sensitive personal, medical, and identifying information. Unauthorized access—even without large-scale data exfiltration—creates risks of identity exposure, reputational harm, and erosion of trust in digital government services.

This case illustrates that even the most prominent institutions are vulnerable to low-complexity attacks when credential security fails. It reinforces the importance of multi-factor authentication, behavioral monitoring, and rapid response to suspicious login activity across government systems.

Security practitioners consistently warn that credential theft remains one of the most reliable intrusion methods. Without strong secondary authentication and continuous monitoring, attackers can repeatedly access systems without deploying malware or exploiting technical flaws.