• On GameSpot: Next-gen DS, Xbox tech contracts set?
May 29, 2009 1:50 PM PDT

Report: Turkish hackers breached U.S. Army servers

by Elinor Mills
  • Font size
  • Print
  • 16 comments

Hackers based in Turkey penetrated two U.S. Army Web servers and redirected traffic from those Web sites to other pages, including one with anti-American and anti-Israeli messages, according to a report in InformationWeek.

The hackers, who go by the group name "m0sted," breached a server at the Army's McAlester Ammunition Plant in Oklahoma on January 26 and a server at the U.S. Army Corps of Engineers' Transatlantic Center in Winchester, Va., on September 19, 2007, the report said.

Investigators believe an SQL injection attack was used to exploit a vulnerability in Microsoft's SQL Server database in order to gain access to the servers.

It is unclear whether any sensitive information was accessed, according to the report.

Search warrants have been served on Microsoft, Yahoo, Google, and other ISPs and e-mail providers, while a criminal investigation is underway at the Defense Department, the U.S. Army's Judge Advocate General's Office, and the Computer Emergency Response Team, InformationWeek reported.

The same group defaced the United Nations Web site in 2007, also using a SQL injection attack.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
advertisement
Click Here
Recent posts from Security
Pub fined $13k for Wi-Fi copyright infringement
Tips for safe online shopping
Big changes in Security Starter Kit 2010
Confidential 9/11 pager messages disclosed
Microsoft warns of IE exploit code in the wild
Chrome OS security: 'Sandboxing' and auto updates
E-tailers snagged in marketing 'scam' blame customers
McAfee warns about '12 Scams of Christmas'
Add a Comment (Log in or register) (16 Comments)
  • prev
  • 1
  • next
by Lumiseon May 29, 2009 2:42 PM PDT
I want to know why and how people keep hacking the US. The US really needs to step up security a notch or 10 thousand.
Reply to this comment
by murbo May 29, 2009 4:14 PM PDT
because US alienated the world during these last years thanks to george jr. and by living in its own climate controlled planet while not giving a crap about the rest of the world.
because of arrogance or ignorance... choose one
Reply to this comment
by ikramerica--2008 May 29, 2009 10:34 PM PDT
yep, there was never any spying or hacking before 2001. nope.
by davrosthedalek May 31, 2009 5:21 PM PDT
The 9/11 plot was put in place 5 years before Bush was even thinking about running for President. Terrorist and hackers always hated the country and it will never stop.
by srose152 May 29, 2009 4:24 PM PDT
As a former US Army Information Operations team member, it would seem that certain divisions are not being provided with InfoSec Vulnerability Assessments. Such an assessment would have provided the necessary security recommendations that would have corrected the SQL Injection flaw. However, some traditional military commanders think time is better spent supporting combat-only units, and will end up abolishing cyber-security units. Go Figure!
Reply to this comment
by JasonCe May 29, 2009 4:32 PM PDT
A 'SQL Injection' is NOT a security vulnerability in a SQL (MSSQL, MYSQL, ORACLE, POSGRESQL, ETC) server. It is a security vulnerability in the web application that accesses the database. So this is NOT Microsoft's fault, but the fault of the poor programming utilized by the army's web application developer.
Reply to this comment
by brodie657 May 31, 2009 6:47 PM PDT
Yup. It works in any database - since when did writing crappy code and not binding your variables become a vulnerability of the database?
by SlimGem May 29, 2009 6:39 PM PDT
Hey didn't you hear, the Army's switching to Vista. No problem.

http://news.cnet.com/8301-13860_3-10246768-56.html
Reply to this comment
by myles taylor May 30, 2009 8:35 AM PDT
Yea, just another example of our government wasting money. Why not wait a few months and get Windows 7?
by dennisl59 May 30, 2009 7:29 AM PDT
All Security Issues are a direct result of ALL H1-B Subcontractors being Agents of Foreign Governments.
Reply to this comment
by Dan7637 May 30, 2009 2:59 PM PDT
seriously hackers are nothing but a bunch of cowards hiding behind their computers doing nothing but pissing people off, we should prosecute hackers like they were murders and have death penalty for hackers
Reply to this comment
by queticomn May 30, 2009 3:42 PM PDT
When is the government going to get serous about security an migrate to Linux, ans how bout saving saving some tax payer money an migrate to Linux.
Reply to this comment
by Dalkorian June 1, 2009 9:07 AM PDT
Yeah, that'll really help the ecomony. Next you'll suggest we put water, like out of the toilet, on our plants instead of Brawndo the thirst mutilator. It's got electrolytes!

;-)
by Hokulea May 31, 2009 1:49 PM PDT
Apple and Linux are not going to save the world and Microsoft is not the "Evil Empire." Security through obscurity is not a viable option.

Security vulnerabilities exist because software developers are allowed to hide behind EULA's that allow them to escape liability for defective products. When there is a financial incentive to produce secure applications then we will have them. The same can be said for identity theft. When financial and other business institutions are held liable as co-conspirators in crime then we will see a major reduction in ID theft.

Class action lawsuits are one means of inspiring corporate change, but to be effective there needs to be support at a federal level. In short, laws to protect consumers instead of laws that favor corporations. It is the United States Congress that is both the problem and the solution. Witness the long overdue credit-card reform bill that recently became law.

In the US, the simple truth is that we no longer have a system of government "by and for the people." What we have is a government that is far too responsive to corporate and other special interest groups. Until "We the People" stand up and hold our elected officials accountable to us then nothing will change. Be informed of what your elected representatives are doing and vote every opportunity you have to do so. What every member of Congress wants is to be re-elected to another term. Make them earn your vote.
Reply to this comment
by hassan_bin_sober June 1, 2009 9:00 AM PDT
WHEE! the people.
by Dalkorian June 1, 2009 9:08 AM PDT
You're right that "security through obscurity is not a viable option". It's not a viable option, it's a myth.

Otherwise you're spot on.
(16 Comments)
  • prev
  • 1
  • next
advertisement

The browser battles go on and on

roundup From Firefox to IE and from Chrome to Opera and Safari, there's no sitting still for browser makers looking to keep their products fresh and competitive.

3G wireless still holds promise

The next generation of 4G wireless may get all the headlines, but advanced 3G technology will likely dominate services for the next few years.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right