Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Breached US Army Servers

Posted by timothy on from the fine-line-between-clever-and-stupid dept.

An anonymous reader writes "A Turkish hacking ring has broken into 2 sensitive US Army servers, according to a new investigation uncovered by InformationWeek. The hackers, who go by the name 'm0sted' and are based in Turkey, penetrated servers at the Army's McAlester Ammunition Plant in Oklahoma in January. Users attempting to access the site were redirected to a page featuring a climate-change protest. In Sept, 2007, the hackers breached Army Corps of Engineers servers. That hack sent users to a page containing anti-American and anti-Israeli rhetoric. The hackers used simple SQL Server injection techniques to gain access. That's troubling because it shows a major Army security lapse, and also the ability to bypass supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches."

2 of 209 comments (clear)

  1. Amazing. by DoofusOfDeath · · Score: 4, Interesting

    Pardon the rant, but can anyone tell me why we're still having people write code that is subject to SQL injection attacks?

    I mean, sometimes potential buffer overflows in C/C++ programs can be tricky to notice. Writing threading code that's not subject to deadlock or starvation can often be a challenge.

    But isn't code that's subject to SQL injection attacks just blindingly, amazingly obvious at first glance?

  2. Front end compromise... by Manip · · Score: 4, Interesting

    I'm just playing devil's advocate but who puts their public website inside their defences?

    I know it is an extremely common practice in this country to actually put sites like these on standard third party hosting services (e.g. Rackspace).

    They set them up to be as secure as other e-commerce sites, so fairly secure, but without having to poke holes in a nice heavy firewall.