Report: Turkish hackers breached U.S. Army servers

Hackers based in Turkey penetrated two U.S. Army Web servers and redirected traffic from those Web sites to other pages, including one with anti-American and anti-Israeli messages, according to a report in InformationWeek.

The hackers, who go by the group name "m0sted," breached a server at the Army's McAlester Ammunition Plant in Oklahoma on January 26 and a server at the U.S. Army Corps of Engineers' Transatlantic Center in Winchester, Va., on September 19, 2007, the report said.

Investigators believe an SQL injection attack was used to exploit a vulnerability in Microsoft's SQL Server database in order to gain access to the servers.

It is unclear whether any sensitive information was accessed, according to the report.

Search warrants have been served on Microsoft, Yahoo, Google, and other ISPs and e-mail providers, while a criminal investigation is underway at the Defense Department, the U.S. Army's Judge Advocate General's Office, and the Computer Emergency Response Team, InformationWeek reported.

The same group defaced the United Nations Web site in 2007, also using a SQL injection attack.

[Lumiseon]

I want to know why and how people keep hacking the US. The US really needs to step up security a notch or 10 thousand.

[murbo]

because US alienated the world during these last years thanks to george jr. and by living in its own climate controlled planet while not giving a crap about the rest of the world.
because of arrogance or ignorance... choose one

[ikramerica--2008]

yep, there was never any spying or hacking before 2001. nope.

[davrosthedalek]

The 9/11 plot was put in place 5 years before Bush was even thinking about running for President. Terrorist and hackers always hated the country and it will never stop.

[srose152]

As a former US Army Information Operations team member, it would seem that certain divisions are not being provided with InfoSec Vulnerability Assessments. Such an assessment would have provided the necessary security recommendations that would have corrected the SQL Injection flaw. However, some traditional military commanders think time is better spent supporting combat-only units, and will end up abolishing cyber-security units. Go Figure!

[JasonCe]

A 'SQL Injection' is NOT a security vulnerability in a SQL (MSSQL, MYSQL, ORACLE, POSGRESQL, ETC) server. It is a security vulnerability in the web application that accesses the database. So this is NOT Microsoft's fault, but the fault of the poor programming utilized by the army's web application developer.

[brodie657]

Yup. It works in any database - since when did writing crappy code and not binding your variables become a vulnerability of the database?

[SlimGem]

Hey didn't you hear, the Army's switching to Vista. No problem.

http://news.cnet.com/8301-13860_3-10246768-56.html

[myles taylor]

Yea, just another example of our government wasting money. Why not wait a few months and get Windows 7?

[dennisl59]

All Security Issues are a direct result of ALL H1-B Subcontractors being Agents of Foreign Governments.

[Dan7637]

seriously hackers are nothing but a bunch of cowards hiding behind their computers doing nothing but pissing people off, we should prosecute hackers like they were murders and have death penalty for hackers

[queticomn]

When is the government going to get serous about security an migrate to Linux, ans how bout saving saving some tax payer money an migrate to Linux.

[Dalkorian]

Yeah, that'll really help the ecomony. Next you'll suggest we put water, like out of the toilet, on our plants instead of Brawndo the thirst mutilator. It's got electrolytes!

;-)

[Hokulea]

Apple and Linux are not going to save the world and Microsoft is not the "Evil Empire." Security through obscurity is not a viable option.

Security vulnerabilities exist because software developers are allowed to hide behind EULA's that allow them to escape liability for defective products. When there is a financial incentive to produce secure applications then we will have them. The same can be said for identity theft. When financial and other business institutions are held liable as co-conspirators in crime then we will see a major reduction in ID theft.

Class action lawsuits are one means of inspiring corporate change, but to be effective there needs to be support at a federal level. In short, laws to protect consumers instead of laws that favor corporations. It is the United States Congress that is both the problem and the solution. Witness the long overdue credit-card reform bill that recently became law.

In the US, the simple truth is that we no longer have a system of government "by and for the people." What we have is a government that is far too responsive to corporate and other special interest groups. Until "We the People" stand up and hold our elected officials accountable to us then nothing will change. Be informed of what your elected representatives are doing and vote every opportunity you have to do so. What every member of Congress wants is to be re-elected to another term. Make them earn your vote.

[hassan_bin_sober]

WHEE! the people.

[Dalkorian]

You're right that "security through obscurity is not a viable option". It's not a viable option, it's a myth.

Otherwise you're spot on.