Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Army Website Hacked By Syrian Electronic Army

Posted by samzenpus on from the change-your-password dept.

swinferno writes: On Monday afternoon, the Syrian Electronic Army claimed on Twitter to have successfully hacked the website of the United States Army, army.mil. Various screenshots that appeared on Twitter reportedly showed pro-Assad propaganda on the site before it crashed. "Today an element of the Army.mil service provider's content was compromised. After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily," spokesman Brig. Gen. Malcom B. Frost said in a statement.

8 of 116 comments (clear)

  1. Obligatory by darkain · · Score: 4, Insightful

    https://xkcd.com/932/

    1. Re:Obligatory by Zaelath · · Score: 2

      Yeah, that's exactly what that XKCD is saying. They got at an externally hosted server that would have occasionally been accessed FROM a (more, but not highly) secure .mil network, but doesn't have any access TO any .mil network.

      It's about as significant as shitting through a recruiting office letterbox in a mall.

    2. Re:Obligatory by Karmashock · · Score: 2

      emmm... not really. just because there isn't secure information in there doesn't mean it is "okay" that it got busted.

      First there is a question of prestige here. You don't let shitstain hackers break into your webserver. You just don't.

      Second, I'm not sure there was nothing in there of value. It could have contained something that would point them at other systems or give them deeper knowledge of the infrastructure of another network. And they could leapfrog from one to the next.

      It definitely was a breach... a breach into a place with no secure information? Possibly... but still a breach. And you don't let a bunch of kids into mil space.

      All I'm saying... secure your webservers. Please.

      I was dealing with a company webserver that was getting breached every couple weeks. It was constant. Nothing was in it that mattered but people were getting into it and fucking it up.

      I talked to the guy responsible for it and he wasn't making any sense. He was saying it wasn't possible to keep people out of the fucking thing. Which just told me that he wasn't competent to do the job. Period. I talked to someone else and explained some of my ideas as to how to secure it, they said "those will all work"... I then put him on that, we secured the system the way I wanted to do it.

      It hasn't been breached since. What I did do? A lot of things. But the most extreme thing I did... because I'm a kitchen sink sort of guy that throws fucking everything at anything that gives me a problem... I write locked the server. You literally can't change anything on it. All the parts of the system that are fucking word press or other similar code that was getting screwed with is write locked at the file system level. It doesn't need to be changed on a regular basis. We move something around about every three or four months maybe. And all the web admin has to do is trigger a script that unlocks the files, then he can do what he wants, then he triggers the script again and it locks all the files behind him.

      This is an issue I have with stuff like word press. Its really nifty but its got lots of ways to hack it or get into admin functions.

      And my attitude with that, is that you need to understand the portions of the system that change and the portions of the system that don't. Then you only permit the segments that need to change to change. And the portions that don't can remain locked.

      You do that, and most of the pure word press hacks and exploits don't work. They don't anticipate the configuration files being write locked.

      Again, not the only thing I did... but one of the most demonstrative of the core concept... which is to make hacking a system LITERALLY impossible.

      Here someone will say "well not literally they could get in and unlock the files at the file system level."... sure... if it is possible to do that... which long story short, it isn't.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    3. Re:Obligatory by TubeSteak · · Score: 3, Insightful

      It's about as significant as shitting through a recruiting office letterbox in a mall.

      Unless they dropped some malware on the site and infected the people who unknowingly visited the page.

      --
      [Fuck Beta]
      o0t!
  2. Different goals by Bathroom+Humor · · Score: 4, Interesting

    I guess you can tell the ambition of an attack based on how obvious it is.
    When the Syrian Electronic Army hacks a website, they simply vandalize it and make a lot of noise. When someone else, say the Chinese government, hacks a web address, they ignore the front pages altogether and go straight for the data centers. Way more discrete, way more dangerous.

    I could make a fart analogy out of this. So I will.
    The silent ones are the ones you need to fear.

  3. Old hat by Whiteox · · Score: 2

    Really? Is hacking the US gov. still a thing?

    --
    Don't be apathetic. Procrastinate!
  4. Captain Hindsight by gavron · · Score: 3, Funny

    Oh good job, Captain Hindsight! You are absolutely right! Manning should have never been able to use a USB stick [takes notes]. Also Snowden should have never been given so much access [takes notes].

    "...this would have never happened."

    Oh excelsior! Your powers of observation and hindsight deduction are without compare. Between that and your three split infinitives all I can say is BRAVO, SIR, BRAVO! You truly have your finger on the pulse of ... everything that's that wrong.

    1. Re:Captain Hindsight by l0n3s0m3phr34k · · Score: 2

      Glad I can humor you, Grammer Nazi. The Dean of Canterbury who wrote "The Queen’s English" just called from 1864 and said they want their rule book back.