Slashdot Mirror

← Back to Stories (view on slashdot.org)

Royal Navy Website Hacked, Passwords Revealed

Posted by CmdrTaco on from the injection-infection dept.

An anonymous reader writes "The British Royal Navy's website has been suspended after a Romanian hacker exploited SQL injection vulnerabilities to gain access to the site. The hacker, named 'TinKode,' accessed usernames and passwords used by the site's administrators and published them on the web. TinKode's attack is 'particularly embarrassing for the British Ministry of Defence, as just last month protecting against cyber attacks was declared in the National Security Strategy to be a "highest priority for UK national security."'"

4 of 114 comments (clear)

  1. It was only a dream by IICV · · Score: 2, Interesting

    It's okay! This was only a simulation, right?

  2. From TFA by contra_mundi · · Score: 3, Interesting

    "We can all be thankful that Tinkode's activities appear to be have been more mischievous than dangerous. If someone with more malice in mind had hacked the site they could have used it to post malicious links on the Navy's JackSpeak blog, or embedded a Trojan horse into the site's main page."

    Giving anyone free reign to embed said trojans into the site is only marginally better. Assuming of course that it could be done with the exposed admin logins. Now they're forced to go through pretty much everything to make sure no such traps were placed or if information was stolen.
    The mischevious option would have been to remain only parts of the passwords, or otherwise proving it and not leaking anything sensitive.
    Not to worry however, I'm sure he'll get 60 years in jail without parole for embarrassing the wrong people.

  3. Not sure what is more embarrassing by MalHavoc · · Score: 2, Interesting

    I'm not sure what is worse. The fact that they fell victim to an SQL injection attack, or the HTML source that is displayed on TFA is badly broken. A "centre" tag? And the closing HTML tag is broken. Someone put up that maintenance page in a mega hurry.

  4. Care time? by crow_t_robot · · Score: 2, Interesting

    If the navy's website was actually connected to any operational naval computer systems, yielded more than just the names and passwords of contractor web developers, housed actual classified operational information of the royal navy or was due to a flaw in a piece of software written by the navy for mission-critical systems then I MIGHT CARE.

    But, it doesn't, so I DON'T.