Hackers Breached US Army Servers 209
An anonymous reader writes "A Turkish hacking ring has broken into 2 sensitive US Army servers, according to a new investigation uncovered by InformationWeek. The hackers, who go by the name 'm0sted' and are based in Turkey, penetrated servers at the Army's McAlester Ammunition Plant in Oklahoma in January. Users attempting to access the site were redirected to a page featuring a climate-change protest. In Sept, 2007, the hackers breached Army Corps of Engineers servers. That hack sent users to a page containing anti-American and anti-Israeli rhetoric. The hackers used simple SQL Server injection techniques to gain access. That's troubling because it shows a major Army security lapse, and also the ability to bypass supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches."
Amazing. (Score:5, Interesting)
Pardon the rant, but can anyone tell me why we're still having people write code that is subject to SQL injection attacks?
I mean, sometimes potential buffer overflows in C/C++ programs can be tricky to notice. Writing threading code that's not subject to deadlock or starvation can often be a challenge.
But isn't code that's subject to SQL injection attacks just blindingly, amazingly obvious at first glance?
Front end compromise... (Score:5, Interesting)
I'm just playing devil's advocate but who puts their public website inside their defences?
I know it is an extremely common practice in this country to actually put sites like these on standard third party hosting services (e.g. Rackspace).
They set them up to be as secure as other e-commerce sites, so fairly secure, but without having to poke holes in a nice heavy firewall.
Re:any good military has (Score:4, Interesting)
The US military is pretty much incapable of fighting a guerrilla war where the combatents are intermixed with civilians and civilian casualties are forbidden. It made Vietnam very difficult and it has made Iraq difficult as well.
What we have is a guerrilla war against hackers where they are effectiely shielded in most cases by the ISP and their own country's law enforcement. The end result is almost an unwinnable war.
We are winning in Iraq by ending the use of civilians as shields. We won in Vietnam by separating the combatants from the civilians. It is going to take that sort of effort to win against hackers, crackers and identity thieves. Unfortunately, right now the effort required to do this is intense enough that it is many, many times the losses so far. So I don't think they are going to do anything until the losses mount up a lot more.
What makes this worse is in order to effectively combat these people it is going to take either the cooperation of foreign law enforcement or just going around them. Neither one is going to make these other countries want to be our friends, but they seem to be happy with the hackers running around doing whatever.
Re:Wait... (Score:4, Interesting)
This isn't too hard to find out. Look for GS military IT jobs, and see what they're hiring for. Lots of Windows crap. They still do have *nix positions, just not as many.
Of course, a 1 admin to 10 windows machine ratio is acceptable, as a 1 admin to 50 Linux machine ratio is acceptable. They have a LOT of workstations out there that need tending to.
a different war has different goals (Score:3, Interesting)
the battle on the web is one of image and a communication capability and integrity. if the enemy can thoroughly trounce the image and capability of the military on the web, then that is a battlefield which is a valid battlefield and which has been won by the enemy. you thoroughly reject the validity of this battlefield. you are thoroughly wrong and woefully behind the times
your allegory of spraypainting graffiti on fences is inaccurate. it would be more accurate to say every flag in every corridor were turned into the nazi flag and every manual in every shelf were turned into mao's little red book, and every directive and nonsecure communication were replaced with the speeches of tokyo rose
the scale and the morale effect is a lot larger than you suppose, and the effect on nonessential, and sometimes even essential communication channels is game-changing
get with the times. it matters a hell of a lot more than you think and it will only continue to matter more. it is often said that the wars in the middle east are about winning hearts and minds. image control in that regard matters crucially. it does no good to project an image of incompetence, to give the enemy something to celebrate in terms of david beating goliath
and this isn't even a new concept. it is valid in a million examples pre-internet. for one, consider the doolittle raid on tokyo after pearl harbor: completely tactically pointless. but in terms of morale boost for the usa, and morale killer for the enemy, it was huge. this is the exact same dynamic going on with the ability of teenagers to deface the military's presence on the internet, nevermind their ability to infiltrate actual essential communication, which you don't even consider to be a possibility
well you can bet russia and china are considering that possibility, and may even have contingencies and capabilities in place to do exactly that while you snooze and act dismissive about what is going on here in terms of infiltration. you snooze you lose. right now, you are comatose
Re:wood for the trees (Score:3, Interesting)
Classified Info Is On Separate Servers (Score:3, Interesting)