Friday, May 29, 2009

Army Hacking Sir!

Where's Sergeant Hulka when you need him?

It seems that Turkish hackers breached two U.S. Army web servers and redirected traffic to other pages, including those with anti-American and anti-Israeli messages.

The most recent breach was on Jan. 26 when a server at an ammo plant in Oklahoma was compromised. The other reported breach occurred in Sept. 2007 and involved an Army Corps of Engineers server in Virginia.

Authorities believe that SQL injection attacks were used in both cases, which is not surprising given how often we've seen this in the past. But with vulnerable SQL installations well known, it's surprising that the DoD hasn't mandated vulnerability assessments of Internet-facing servers, using both internal resources and security firms contracted to assess from the outside looking inward.

The report claims that it's unknown if sensitive information was accessed as a result of this breach, to which I wonder what the heck the Army is doing putting sensitive information on Internet-accessible points of presence without having a robust testing program in place and a layered control approach.

Perhaps President Obama's cyber-security czar could ask the Army that very question.

Report: Turkish hackers breach U.S. Army servers, via CNET
