Feeds

Hacker sinks Royal Navy website

SQL injection exploited by serial military site 'show-off' hacker

SANS - Survey on application security programs

The Royal Navy's main website has been taken offline following claims by a Romanian hacker that he broke into the site, swiping the login credentials of administrators in the process.

The hacker, TinKode, posted information on the web to support his claim to have penetrated the site, www.royalnavy.mod.uk.

Royal Navy website is down

The Royal Navy replaced its website with this static image.

TinKode has previous form for breaking into the website of military organisations. He had previously published data on SQL injection vulnerabilities in sites run by the US Army and (separately) information about security holes on Nasa's website, net security firm Sophos notes.

Sophos reckons the attack was motivated out of mischief rather than anything more nefarious or malign, such as an attempt to plant malicious code targeting surfers visiting the site, many of who could be expected to work in the defence industry.

"This hack was more about showing off and embarrassing people," a Sophos spokesman explained. Sophos reckon TinKode broke in using a SQL injection vulnerability on the jackspeak* blog.

The site is primarily designed to publicise the Navy's work and to act as a point of contact for recruitment. It's very unlikely that any confidential much yet secret material was kept on a public facing website.

Nonetheless the attack is hugely embarrassing, not least because it happened less than a month after defending against cyber-attacks was ranked alongside combating international terrorism as the two highest priorities for UK national security at the end of the National Security Strategy review. ®

* Jackspeak is a term for navy slang - eg "It's warmer in here than a jan dockie's starboard oggy pocket" (translation: It's quite warm). Thanks to former Navy officer turned Reg defence correspondent Lewis Page for this insight into navy life.

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.