Feeds

Turkish hackers breach US Army servers, says report

SQL injection strikes again

The essential guide to IT transformation

US government investigators are probing breaches of two sensitive Army webservers by suspected Turkish hackers, according to a report by InformationWeek.

One of the servers, located at the Army's McAlester Ammunition Plant in Oklahoma, was penetrated on January 26, according to the publication, which cited investigative records it reviewed. The hack was carried out by a Turkey-based collective known as "m0sted" and caused people attempting to access the site to be redirected to a webpage protesting climate change.

A separate security lapse occurred in September 2007, when the same band of attackers broke into Army Corps of Engineers' servers. They sent site visitors to m0sted.com, which at the time contained anti-American and anti-Israeli rhetoric and images, the records showed.

It was unclear if either hack allowed the hackers access to sensitive information, InformationWeek said.

The report comes as President Barack Obama on Friday declared the government computer networks a strategic national asset whose protection should be a top priority. He pledged to create a new White House post that would coordinate a comprehensive cybersecurity strategy throughout the entire country.

The breaches on the Army websites were likely the result of SQL injection attacks that allowed the hackers access to the server databases. Such attacks generally take advantage of web applications that fail to properly sanitize text entered into search boxes and other website fields. By entering SQL commands, the hackers can gain control over vulnerable sites.

Investigators for the Department of Defense and other agencies have subpoenaed records from Google, Microsoft, Yahoo and others in an attempt to learn the identities of the hackers.

The article is here. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.