Army servers were breached …


by Turkish hackers.

Hackers based in Turkey penetrated two U.S. Army Web servers and redirected traffic from those Web sites to other pages, including one with anti-American and anti-Israeli messages, according to a report in InformationWeek.

The hackers, who go by the group name “m0sted,” breached a server at the Army’s McAlester Ammunition Plant in Oklahoma on January 26 and a server at the U.S. Army Corps of Engineers‘ Transatlantic Center in Winchester, Va., on September 19, 2007, the report said.

Investigators believe an SQL injection attack was used to exploit a vulnerability in Microsoft‘s SQL Server database in order to gain access to the servers.

It is unclear whether any sensitive information was accessed, according to the report.

Search warrants have been served on Microsoft, Yahoo, Google, and other ISPs and e-mail providers, while a criminal investigation is underway at the Defense Department, the U.S. Army’s Judge Advocate General’s Office, and the Computer Emergency Response Team, InformationWeek reported.

The same group defaced the United Nations Web site in 2007, also using a SQL injection attack. (Source: Turkish hackers breached U.S. Army Servers – CNET Security)

So where the servers being patched on a regular basis?  Seems that a patch would have prevented this attack.

Reblog this post [with Zemanta]
Advertisements

About brvanlanen

Just a thirty-something guy currently hanging it up in the greater Green Bay area. My post-high school educational background is mainly in the Information Technology field. Specifically I have an A.A.S. in Computer Network Systems and a B.S. in Information Systems Security, both from ITT Technical Institute, in addition to A and MCDST certifications. In my free time I enjoy spending time with my family, cooking and sports. My Christian faith is also important to me as a Missouri-Synod Lutheran and all my children attend a Lutheran grade school. When it comes to political leanings I am a conservative first and foremost which you will discover rather quickly. As for sports I am a huge fan of the Green Bay Packers.

Posted on June 23, 2009, in attacks, computer network, Federal Government, Security breach, vulnerability and tagged , , , , , , , . Bookmark the permalink. 1 Comment.

  1. One would think that a fully patched and updated server would have resisted this sort of attack. If the Army is not keeping their servers up-to-date, there’s a problem.

    Thanks for the article. Keep up the good work!

%d bloggers like this: