Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Breached US Army Servers

Posted by timothy on from the fine-line-between-clever-and-stupid dept.

An anonymous reader writes "A Turkish hacking ring has broken into 2 sensitive US Army servers, according to a new investigation uncovered by InformationWeek. The hackers, who go by the name 'm0sted' and are based in Turkey, penetrated servers at the Army's McAlester Ammunition Plant in Oklahoma in January. Users attempting to access the site were redirected to a page featuring a climate-change protest. In Sept, 2007, the hackers breached Army Corps of Engineers servers. That hack sent users to a page containing anti-American and anti-Israeli rhetoric. The hackers used simple SQL Server injection techniques to gain access. That's troubling because it shows a major Army security lapse, and also the ability to bypass supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches."

4 of 209 comments (clear)

  1. Amazing. by DoofusOfDeath · · Score: 4, Interesting

    Pardon the rant, but can anyone tell me why we're still having people write code that is subject to SQL injection attacks?

    I mean, sometimes potential buffer overflows in C/C++ programs can be tricky to notice. Writing threading code that's not subject to deadlock or starvation can often be a challenge.

    But isn't code that's subject to SQL injection attacks just blindingly, amazingly obvious at first glance?

  2. Front end compromise... by Manip · · Score: 4, Interesting

    I'm just playing devil's advocate but who puts their public website inside their defences?

    I know it is an extremely common practice in this country to actually put sites like these on standard third party hosting services (e.g. Rackspace).

    They set them up to be as secure as other e-commerce sites, so fairly secure, but without having to poke holes in a nice heavy firewall.

  3. Re:any good military has by cdrguru · · Score: 3, Interesting

    The US military is pretty much incapable of fighting a guerrilla war where the combatents are intermixed with civilians and civilian casualties are forbidden. It made Vietnam very difficult and it has made Iraq difficult as well.

    What we have is a guerrilla war against hackers where they are effectiely shielded in most cases by the ISP and their own country's law enforcement. The end result is almost an unwinnable war.

    We are winning in Iraq by ending the use of civilians as shields. We won in Vietnam by separating the combatants from the civilians. It is going to take that sort of effort to win against hackers, crackers and identity thieves. Unfortunately, right now the effort required to do this is intense enough that it is many, many times the losses so far. So I don't think they are going to do anything until the losses mount up a lot more.

    What makes this worse is in order to effectively combat these people it is going to take either the cooperation of foreign law enforcement or just going around them. Neither one is going to make these other countries want to be our friends, but they seem to be happy with the hackers running around doing whatever.

  4. Re:Wait... by JWSmythe · · Score: 3, Interesting

        This isn't too hard to find out. Look for GS military IT jobs, and see what they're hiring for. Lots of Windows crap. They still do have *nix positions, just not as many.

        Of course, a 1 admin to 10 windows machine ratio is acceptable, as a 1 admin to 50 Linux machine ratio is acceptable. They have a LOT of workstations out there that need tending to.

       

    --
    Serious? Seriousness is well above my pay grade.