Royal Navy takes hacked site offline

The Royal Navy has suspended its public relations website, www.royalnavy.mod.uk, after the site was compromised.

The site was hacked on Friday, according to a Twitter post by researcher 'TinKode', a member of the insecurity.ro group. TinKode claimed the hack, and on Saturday published details TinKode said were gleaned from the compromised server, including passwords.

A Royal Navy spokesman told ZDNet UK on Monday that the site remained down, but that no classified details had been revealed by the hack.

"We can confirm that there was a compromise of the Royal Navy public-relations internet website over the weekend," said the Royal Navy in a statement. "There has been no malicious damage; but as a precaution, the Royal Navy website has been temporarily suspended. Security teams are investigating. Access to this website did not give the hacker access to any classified information."

The spokesman added that the hack "was an embarrassment, not a threat." He was not aware of the technical details of the hack, an said an investigation was ongoing.

TinKode said in a summary of the hack that the Royal Navy webserver was running Red Hat Linux as an operating system. The webserver, which was vulnerable to SQL injection, gave access to a number of passwords.

Graham Cluley, senior technology consultant with security company Sophos, told ZDNet UK on Monday that the hack was not malicious.

"We should be grateful [the hack] was mischievous, not malicious," said Cluley. "The concern is that people who visited the site could have been compromised [with a malicious hack]."

Cluley said in a blog post on Monday that the hack follows a number of government announcements about combatting cyberattacks.