Slashdot Mirror
Hackers Breached US Army Servers
An anonymous reader writes "A Turkish hacking ring has broken into 2 sensitive US Army servers, according to a new investigation uncovered by InformationWeek. The hackers, who go by the name 'm0sted' and are based in Turkey, penetrated servers at the Army's McAlester Ammunition Plant in Oklahoma in January. Users attempting to access the site were redirected to a page featuring a climate-change protest. In Sept, 2007, the hackers breached Army Corps of Engineers servers. That hack sent users to a page containing anti-American and anti-Israeli rhetoric. The hackers used simple SQL Server injection techniques to gain access. That's troubling because it shows a major Army security lapse, and also the ability to bypass supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches."
All your base are belong to us
You are wrong on so many levels. If you can't even bother to protect against simple things as SQL injection, I have a nasty feeling about the overall security.
Why aren't classified information on a separate network, not connected to the Net? Please: this is not 1980 anymore - protect critical information seriously.
So much for Information Week being reasoned and sensible.
"Equally troubling is the fact that the hacks appear to have originated outside the United States. Turkey is known to harbor significant elements of the al-Qaida network. It was not clear if "m0sted" has links to the terrorist group."
Hooray for sensationalism!
I didn't bother to RTFA, but summary is inflamatory at best.
A public-facing, high-profile (perception) server gets compromised? That's not news.
Let's say it is news for a minute. What was the budget for this public-facing project? This is not a "major Army security lapse" by any stretch of the imagination.
Of course, my line of thinking wouldn't be widely accepted because it ignores the emotional response that the summary probably provokes in most people.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Why aren't classified information on a separate network, not connected to the Net
It is, in fact there are multiple, separate networks.
Other than the author repeating the word "sensitive" over and over again, there wasn't anything concrete in the article about whether the information was actually classified. I suspect it wasn't.
Sensitive does not mean classified. Sensitive could be as simple as a change in the dinner menu at the chow hall, which could suggest the arrival of important personnel. Classified information would not even exist on networks accessible via the internet.
Apparently wizard is not a legitimate career path, so I chose programmer instead.
Web server page redirection? Should that scare me? I mean, it's not quite as if somebody smuggled munitions or fired a weapon.
"Oh...but the breach reveals the military's vulnerability."
Does it? To what?
Answer: To webserver page redirection.
Might there be greater risk here? Perhaps. But no evidence was presented to indicate that. Get back to me when you've identified a MATERIAL RISK, not merely a TECHNICAL VULNERABILITY.
As for those of you who have hopes and expectations that ALL THINGS MILITARY will be secure...WTF?
Don't you mean "Windows For Warcraft"?
I'm hardly one to defend MS products, but come on.
SQL injection is hardly "a security vulnerability in Microsoft's SQL Server database." SQL injection is a result of badly written code. Nothing more. There is never an excuse for that to occur, even in environments where security isn't the top priority.
The whole article feels a bit off to me. I get the sense it was written by somebody with little technical cluefulness. I particularly like the line about "sophisticated Defense Department tools and procedures designed to prevent such breaches" followed by a sentence identifying AV software. Written by a dummy, for similarly intelligent people, perhaps?