Hack the Army, Brag About it, Get Raided

SunCrushr was one of many who submitted this. A security company called ForensicTec decided to explore the U.S. government's computer systems, with particular emphasis on the Army. They talked to the press and had their fifteen minutes of fame. And surprise surprise, they immediately got raided by the FBI. What did they expect?

I did a security test this week

[WildBeast]

I placed an unpatched Windows machine on the internet with no firewall protection whatsoever and shared the Inetpub directory. I wanted to know, how long it'll take before someone decides to crack into my machine. Sure enough, it took only two days.

This test really made me realise that there are plenty of crackers and criminals out there that are waiting for a chance to get into your PC.

The point I want to make is that, I'm sure those army computers have been accessed by crackers plenty of times before.

Why is this even news?

[Brian_Ellenberger]

If they broke into the base, photocopied some records, and bragged about it noone would have even thought twice about their arrest. But now that it is electronic it is of some sort of interest to Slashdot? Very sad.

Look if you want the virtual world to be treated like the real world (privacy, source code = speech, etc) then you have to accept it works both ways. Breaking in electronically is the same as physically. It doesn't matter how "weak" the security is. Just because I can throw a brick through a window and rob a store, doesn't mean it is somehow the store's fault for having windows.

And sure I am concerned about military security. And it is disturbing someone could hack into it. But that doesn't give ForensicTec the right to go hacking it. I'm worried about airline security but I can't take it upon myself to see if I can get a gun through security.

Brian Ellenberger

They did the right thing

[zenyu]

If they had reported this to the army it would have never been made public, and they might have been arrested anyway. The only thing I think they should have done differently is get a Senator involved before going to the media, it would have given them some cover. Seriously though they should be given a congressional metal of honor for bravery for informing us of the lax security.

I used to live near a couple military bases so I know it's not exactly geniouses running the place. But they are a very organized bunch and I would have expected a policy on passwords, and that in that culture it should be easy to enforce. Password crackers shouldn't work on the military. Someone who leaves a password of "password" or "administrator" on a computer should be dishonorably discharged at the very least. If any of those machines exposed sensitive data they should get at least a few years on a slab of concrete in Cuba.

The dirty little secret of the military is that sensitive information is a lot more important than classified stuff. Engineering data that was classified in 1950, that made it into every textbook by 1960, is still locked in a safe at night because it's too much work to declassify anything. The day to day functioning of the military tells any enemy everything they might care about and that never gets classified.

Hey even the top secret nuclear stuff doesn' really matter since the information to build a nuke was long ago published, and the high tech stuff the US and Russia have isn't of interest to anyone. It's already expensive to build a nuke that takes out Manhattan, building one that takes out the Jersey City in the same hit is just a waste of money. But what kind of gas masks are being packed for the attack on Iraq, well that could be useful.