U.S. Army servers breached by Turkish hackers
Summary: Hackers penetrated two US army web servers and redirected traffic from those websites to other pages, including one with anti-American and anti-Israeli messages, according to a report.
The hackers, who go by the group name 'm0sted', breached a server at the army's McAlester Ammunition Plant in Oklahoma on 26 January and a server at the US Army Corps of Engineers' Transatlantic Center in Winchester, Virginia, on 19 September, 2007, the report said.
Investigators believe an SQL injection attack was used to exploit a vulnerability in Microsoft's SQL Server database in order to gain access to the servers.
It is unclear whether any sensitive information was accessed, according to the report.
Search warrants have been served on Microsoft, Yahoo, Google and other ISPs and email providers, while a criminal investigation is underway at the Defense Department, the US Army's Judge Advocate General's Office, and the Computer Emergency Response Team, InformationWeek reported.
The same group defaced the United Nations website in 2007, also using a SQL injection attack.
This article was originally posted on CNET News.
Talkback
A question that puzzles me
Presumably there are many other critical US institutions running dangerous software from M$. The world we're living in is way more dangerous than we thought.
Because if the issue at the
Is that the answer you were hoping would not be brought up?
Which FBI issue would that be?
http://www.theinquirer.net/inquirer/news/1137446/us-marshalls-fbi-hit-virus
because this was most definitely a Windows incident, as has been pointed out to you already.
You mean the problem with Trend Micro's OfficeScan version 5.0
What has Linux got to do with that?
Please explain!
Because you are as clueless as the "journalist" reporting this
That simply doesn't make sense. An SQL injection attack is directed at the application running in front of the database server.
UPDATE: Actually it can make sense if the attackers were using an application level vulnerability (SQL injection vulnerability) to access the SQL Server and then used this access to execute an unpatched or zero-day vulnerability.
SQL Server is no more vulnerable to SQL injection attacks than Oracle, MySQL, PostgreSQL or Sybase are. Simply because that class of attack is not directed against the database server. You need a vulnerable application to be vulnerable to SQL injection attacks.
But if you so wish to compare security you can start by comparing how many actual vulnerabilities had hit each system:
Oracle 10.x: 828
MySQL 5.x: 33
PostgreSQL 8: 26
MySQL 4.x: 26
PostgreSQL 7: 24
SQL Server 2005: 10
Notice the one at the bottom? Microsoft SQL server seems to be the most secure of the bunch.
So what was it again that you didn't understand? Need some explanation or were you just trolling?
Mystify me
You better face reality man, no one here will be fooled by your mystifying efforts.
Some M$ zealots may play along with you and pretend they agree, but we both know full well they are just pretending, just as you are now.
I'm sure those in Redmond appreciate your efforts to protect their cash cows, but remember, you'll only get the crumbs while they eat the cake.
Don't try too hard unless they're paying you.
I'm offering you actual data
Do you have any links, statistics or factual data?
Do you believe that "SQL injection" attacks are due to a vulnerability in the underlying database system? (hint: Don't go there)
Do you believe that there is any data to back up your assertion that "M$" SQL Server is more insecure than any other database system (hint: Don't compare to Oracle, the world's most used database).
What do you have? Diatribe? Insults?
It's not the number of vulnerabilities that matters, it's their size.
There's plenty of FACTUAL data proving that security holes in M$'s software are usually of large size, making exploits viable, while security holes in other software, while probably more numerous, are as a rule much smaller, rendering most exploits inviable. You'll have to rewrite history to erase those facts.
yadayadayada.
It is not a problem with SQL Server; in fact SQL Server is not "open to the world", instead it is used by an interface (usually called a web page). Forging results in the web page allows taking control of the database.
Journalistic habits rub off
Apart from that, it would be nice to occasionally see some statistics from the anti M$ lobby to back up their comments
By the way, I have no preference between O/S's, I use both. M$ very expensive but very easy to use. Linux love its cost but very difficult to get to grips with if you don't have programming experience (but it is getting better)
As requested
MySQL 5.x: 33
PostgreSQL 8: 26
MySQL 4.x: 26
PostgreSQL 7: 24
SQL Server 2005: 10
SQL Server 2000: 5
SQL Server 2008: 0
(fewer is better)
Researchers say...
Your education is sadly lacking...
Obviously, you have no idea what an SQL-Injection attack is -- otherwise you'd think a bit more before ranting.
I'll give you a hint -- it has something to do with badly written APPLICATIONS -- and NOTHING to do with the operating system or SQL engine in use...
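The point argued in the comments above, that SQL injection comes from how the application builds its query and not from the database engine, shown as an added example that is not part of the original article or any commenter's post. It assumes Python with an in-memory SQLite database standing in for the engine; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for whichever engine sits behind the site.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)", [
        ("alice", "public notice"),
        ("bob", "internal draft"),
        ("o'brien", "budget memo"),
    ])
    return db

def lookup_concatenated(db, owner):
    # Flawed application code: the input becomes part of the SQL text itself.
    sql = "SELECT body FROM pages WHERE owner = '" + owner + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_parameterized(db, owner):
    # Corrected application code: the input is bound as a value and never parsed as SQL.
    sql = "SELECT body FROM pages WHERE owner = ?"
    return sorted(row[0] for row in db.execute(sql, (owner,)))

def compare(owner):
    # Run both lookups against identical data and report what each returns.
    results = {}
    for name, fn in (("concatenated", lookup_concatenated),
                     ("parameterized", lookup_parameterized)):
        db = make_db()
        try:
            results[name] = fn(db, owner)
        except sqlite3.Error as exc:
            results[name] = "error: " + type(exc).__name__
        finally:
            db.close()
    return results

if __name__ == "__main__":
    for value in ("alice", "nobody' OR '1'='1", "o'brien"):
        print(repr(value), compare(value))
```

The engine and the data are identical in both lookups; only the application code differs, and the concatenated version also breaks on a legitimate name containing an apostrophe.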
Perhaps I should go get some malware education in Russia,
P.S. You have got NO CLASS.
Yes, Marty, please use more class..
Give 'em hell!!
let's see: hacked in 2007 - investigation starts in 2009 . . .
we didn't want the baddies to know it worked??
think they would have figured that out when the traffic to the new server started spiking.
so, does the Army think M$ and others are complicit, or at least negligent in this action against them??
one can only hope that the Army learned their lesson about using M$ web servers.
just hope there wasn't any open connection between the web server and any sensitive database server.
yo.
:)
.
MS Webservers???
Let's hope the army has learned to hire some competent developers instead.
RE: U.S. Army servers breached by Turkish hackers
RT
www.online-privacy.vze.com
RE: U.S. Army servers breached by Turkish hackers
seems when it comes to Modern systems the Government and
Military are too Civilian. Not like the Old days.
Time lapse... Nothing new, not one bit. I do believe there's Legal
reasons why it cannot be made public. It's technically a matter of
national security until such time as it is no longer sensitive and
can be Declassified. But we all know that system works only when
they want it to, since stuff that's technically Public Knowledge is
still Classified... Absurd, but it's the way we do Government.