Stolen Credentials, Not Zero Days: How a Tennessee Hacker Breached Supreme Court Systems and Bragged on Instagram
- Cyber Jack

- Jan 19
A Tennessee man has admitted to repeatedly breaching some of the federal government’s most sensitive digital systems, a case that underscores how fragile legacy authentication practices remain even at the highest levels of U.S. institutions.
Court records show that 24-year-old Nicholas Moore of Springfield, Tennessee, pleaded guilty on Friday to unlawfully accessing the U.S. Supreme Court’s electronic filing system more than two dozen times. Prosecutors say the intrusions occurred across 25 separate days in 2023 and relied on stolen login credentials rather than the exploitation of a software vulnerability.
According to the filing, Moore posted details about the intrusion on an account using the handle “@ihackedthegovernment.” He also admitted to using stolen credentials to access personal information from AmeriCorps servers and from a U.S. Marine Corps veteran’s account on the Department of Veterans Affairs’ My HealtheVet platform. Screenshots from both systems were shared on the same social media account.
Moore pleaded guilty to a single misdemeanor count of computer fraud, which carries a maximum sentence of one year in prison. The case was brought by the U.S. Attorney’s Office in Washington, D.C., and U.S. District Judge Beryl Howell is scheduled to sentence Moore on April 17.
While the intrusions did not involve malware, zero-day exploits, or nation-state tooling, security experts say the case illustrates how credential theft remains one of the most reliable ways to compromise high-value systems.
Jim Routh, Chief Trust Officer at Saviynt, said the continued reliance on traditional authentication methods benefits several groups, including attackers.
“Three stakeholder groups support the current practice of two-factor authentication (ID + Password + OTP) used by the majority of enterprises,” Routh said. “Auditors (internal and external) because it is well known and established, making auditing practices scalable. Regulators because there is a great deal of precedent for these controls, along with methods for testing the effectiveness in each enterprise. Threat actors. It takes less skill and effort to use a compromised credential vs. attempting to attack system vulnerabilities.”
Routh added that more secure, passwordless authentication options are already available, but adoption has lagged despite the financial cost of breaches.
“It is not clear why more enterprises don't choose passwordless authentication methods that are available, although the cost of this change is certainly a factor to consider,” he said. “However, with an average industry cost of $10.2 million for breach remediation and recovery, it seems the business case for moving to advanced authentication is practical. This eliminates the need for storing passwords and risking their compromise.”
The public nature of Moore’s posts has also drawn attention from privacy advocates, who say the behavior highlights both operational and cultural failures.
Chris Hauk of Pixel Privacy said attackers rarely make it so easy to tie exploits back to their real-world identity.
“While it's not unusual for a hacker to brag about breaching a system, they don't usually do it on a social account that can be easily connected to their identity,” Hauk said. “While it may appear that the hacker only accessed select records, this should be treated as a complete breach by those in charge, taking steps to ensure such a breach does not occur again, and to protect victims' personal and medical information.”
Security leaders say the repeated access over weeks is a more serious signal than the social media bravado.
Ensar Seker, CISO at SOCRadar, said the case exposes deeper gaps in how federal systems monitor and respond to identity-based abuse.
“This case highlights a recurring and uncomfortable reality: some of the most sensitive federal systems are still being compromised through basic identity and access failures rather than advanced technical exploits,” Seker said. “The fact that a single set of stolen credentials allowed repeated access to the Supreme Court’s filing system over weeks suggests gaps in continuous authentication, behavioral monitoring, and privilege enforcement. When attackers can log in multiple times a day without triggering alarms, the issue isn’t sophistication, it’s visibility and control.”
Seker also warned that the public boasting reflects a shift in attacker motivation.
“What’s equally concerning is the normalization of ‘performative hacking,’” he said.
“Bragging on social media reflects a broader shift where attackers seek notoriety as much as impact. Federal systems need to assume breach, enforce strong identity verification, monitor anomalous access patterns in real time, and treat credential abuse as a primary threat vector, not a secondary risk. Otherwise, even high-profile institutions remain vulnerable to low-effort, high-impact intrusions.”
Taken together, the case underscores a persistent weakness in both government and enterprise security. Even as agencies invest heavily in advanced defenses, attackers continue to succeed by reusing stolen credentials and exploiting gaps in visibility. The result is a reminder that for many systems, the front door remains unlocked, even when the stakes could not be higher.


