U.S. Army servers breached by Turkish hackers
The hackers, who go by the group name 'm0sted', breached a server at the army's McAlester Ammunition Plant in Oklahoma on 26 January and a server at the US Army Corps of Engineers' Transatlantic Center in Winchester, Virginia, on 19 September, 2007, the report said.
Investigators believe an SQL injection attack was used to exploit a vulnerability in Microsoft's SQL Server database in order to gain access to the servers.
It is unclear whether any sensitive information was accessed, according to the report.
Search warrants have been served on Microsoft, Yahoo, Google and other ISPs and email providers, while a criminal investigation is underway at the Defense Department, the US Army's Judge Advocate General's Office, and the Computer Emergency Response Team, InformationWeek reported.
The same group defaced the United Nations website in 2007, also using a SQL injection attack.
This article was originally posted on CNET News.
Talkback Most Recent of 23 Talkback(s)
-
A question that puzzles me
Why on Earth is a US Army's Ammunition Plant and a US Army Corps of Engineers running insecure software from M$, more precisely Microsoft SQL Server?
Presumably there are many other critical US institutions running dangerous software from M$. The world we're living in is way more dangerous than we thought.
InAction Man, 1st Jun 2009
-
Because if the issue at the
FBI, and FAA show anything, it is that Linux is as insecure, if not more, than Microsoft.
Is that the answer you were hoping would not be brought up?
GuidingLight, 1st Jun 2009
-
Which FBI issue would that be?
It can't possibly be this one:
http://www.theinquirer.net/inquirer/news/1137446/us-marshalls-fbi-hit-virus
because this was most definitely a Windows incident, as has been pointed out to you already.
Zogg, 1st Jun 2009
-
You mean the problem with Trend Micro's OfficeScan version 5.0
Where the silly federal coppers had paid Trend Micro for the upgrades of their windoze AV, but simply had not installed them?
What has Linux got to do with that?
Please explain!
InAction Man, 1st Jun 2009
-
Because you are as clueless as the "journalist" reporting this
"Investigators believe an SQL injection attack was used to exploit a vulnerability in Microsoft's SQL Server database"
That simply doesn't make sense. An SQL injection attack is directed at the application running in front of the database server.
UPDATE: Actually it can make sense if the attackers were using an application level vulnerability (SQL injection vulnerability) to access the SQL Server and then used this access to execute an unpatched or zero-day vulnerability.
SQL Server is no more vulnerable to SQL injection attacks than Oracle, MySQL, PostgreSQL or Sybase are. Simply because that class of attack is not directed against the database server. You need a vulnerable application to be vulnerable to SQL injection attacks.
But if you so wish to compare security you can start by comparing how many actual vulnerabilities had hit each system:
Oracle 10.x: 828
MySQL 5.x: 33
PostgreSQL 8: 26
MySQL 4.x: 26
PostgreSQL 7: 24
SQL Server 2005: 10
Notice the one at the bottom? Microsoft SQL server seems to be the most secure of the bunch.
So what was it again that you didn't understand? Need some explanation or were you just trolling?
honeymonster, 1st Jun 2009
-
Mystify me
NOT.
You better face reality man, no one here will be fooled by your mystifying efforts.
Some M$ zealots may play along with you and pretend they agree, but we both know full well they are just pretending, just as you are now.
I'm sure those in Redmond appreciate your efforts to protect their cash cows, but remember, you'll only get the crumbs while they eat the cake.
Don't try too hard unless they're paying you.
InAction Man, 1st Jun 2009
-
I'm offering you actual data
What basis do you have for claiming SQL Server is insecure "M$" software?
Do you have any links, statistics or factual data?
Do you believe that "SQL injection" attacks are due to a vulnerability in the underlying database system? (hint: Don't go there)
Do you believe that there is any data to back up your assertion that "M$" SQL Server is more insecure than any other database system (hint: Don't compare to Oracle, the world's most used database).
What do you have? Diatribe? Insults?
honeymonster, 1st Jun 2009
-
It's not the number of vulnerabilities that matter, it's their size.
One huge hole is much more disruptive than a myriad of tiny ones.
There's plenty of FACTUAL data proving that security holes in M$'s software are usually of large size, making exploits viable, while security holes in other software while probably more numerous, are as a rule much smaller rendering most exploits inviable. You'll have to rewrite history to erase those facts.
InAction Man, 1st Jun 2009
-
yadayadayada.
SQL injection works fine with MySQL (tip: the most used database); in fact it happens.
It is not a problem with SQL Server; in fact SQL Server is not "open to the world", instead it is used by an interface (usually called a web page). Forging results in the web page allows taking control of the database.
magallanes, 1st Jun 2009
-
Journalistic habits rub off
I actually agree with most of what you said, but you play into the Anti M$ hands by listing ONLY MS SQL 2005 statistics and then pointing out that they are at the bottom. - not exactly the most popular version anyway...I have never seen it only as the MS DB engine. What are the figures for MS SQL 6.5, 7.0, 2000, or 2008?
Apart from that, it would be nice to occasionally see some statistics from the anti M$ lobby to back up their comments
By the way, I have no preference between O/S's, I use both. M$ very expensive but very easy to use. Linux love its cost but very difficult to get to grips with if you don't have programming experience (but it is getting better)
steve@..., 1st Jun 2009
-
As requested
Oracle 10.x: 828
MySQL 5.x: 33
PostgreSQL 8: 26
MySQL 4.x: 26
PostgreSQL 7: 24
SQL Server 2005: 10
SQL Server 2000: 5
SQL Server 2008: 0
(fewer is better)
honeymonster, 1st Jun 2009
-
Researchers say...
If you are wearing a lab coat and black horn-rimmed glasses while holding a clipboard, 87.3% of the population will believe anything you say. Researchers are related to "Investigators". I'm part of the 12.7% that don't believe your "Investigators". Give me a link.
kozmcrae, 1st Jun 2009
-
Your education is sadly lacking...
Instead of reading your anti-Microsoft rant sites -- you should spend a bit more time to educate yourself.
Obviously, you have no idea what an SQL-Injection attack is -- otherwise you'd think a bit more before ranting.
I'll give you a hint -- it has something to do with badly written APPLICATIONS -- and NOTHING to do with the operating system or SQL engine in use...
Marty R. Milette, 1st Jun 2009
-
Perhaps I should go get some malware education in Russia,
I'm sure I would learn quite a bit about malware working there. Isn't that the reason why you moved there?
P.S. You have got NO CLASS.
InAction Man, 2nd Jun 2009
-
Yes, Marty, please use more class..
when you attack someone! ROTFLOL!
Give 'em hell!!
JCitizen, 7th Jun 2009