Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Government Security The Military Politics

US Army Website Hacked By Syrian Electronic Army 116

swinferno writes: On Monday afternoon, the Syrian Electronic Army claimed on Twitter to have successfully hacked the website of the United States Army, army.mil. Various screenshots that appeared on Twitter reportedly showed pro-Assad propaganda on the site before it crashed. "Today an element of the Army.mil service provider's content was compromised. After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily," spokesman Brig. Gen. Malcom B. Frost said in a statement.
This discussion has been archived. No new comments can be posted.

US Army Website Hacked By Syrian Electronic Army

Comments Filter:
  • Obligatory (Score:5, Insightful)

    by darkain ( 749283 ) on Monday June 08, 2015 @11:31PM (#49873203) Homepage
    • Hmmm... they actually did get into the webserver... it wasn't just a DDOS attack or something. They actually got in.

      Now did they get anywhere near anything we care about? Probably not. But they did get in to something.

      Possibly read it this way:

      "vandals broke into a sign put up by the US military and changed the letters around to say POOP"... they did get in... just... to a place no one cares about.

      • Yeah, that's exactly what that XKCD is saying. They got at an externally hosted server that would have occasionally been accessed FROM a (more, but not highly) secure .mil network, but doesn't have any access TO any .mil network.

        It's about as significant as shitting through a recruiting office letterbox in a mall.

        • emmm... not really. just because there isn't secure information in there doesn't mean it is "okay" that it got busted.

          First there is a question of prestige here. You don't let shitstain hackers break into your webserver. You just don't.

          Second, I'm not sure there was nothing in there of value. It could have contained something that would point them at other systems or give them deeper knowledge of the infrastructure of another network. And they could leapfrog from one to the next.

          It definitely was a breach..

          • You can still hack that, just need to go after the DNS server instead.

            And yes, Government rank reputation very highly when you do a risk review, but IFF there was anything on this server that wasn't UNCLASSIFIED:For Public Release, then there was *already* a breach.

            Experience with some corporate wanker does not reflect the way the military/government do security at all.

            • hacking a dns server doesn't touch the military webserver. That is bypassing it and hacking public systems to redirect you.

              Quite different.

              • How does the method change the effect?

                • The effect is not the issue here. What actually happened is the issue.

                  Furthermore, the DNS effects only systems effected by the DNS hack.

                  If you use a private DNS system... which you should if it is high security... then you would completely ignore the issue.

                  What some jerkoff sees when he connects to your system is one thing. What actually happened to your systems is another.

                  • Nope, to all that.

                    Effect is the entirely the issue. The effort required to ensure this kind of thing *NEVER* happens is entirely disproportionate to the effort required to ensure that there is nothing of real value on an internet accessible server (or from it).

                    Furthermore, a DNS attack that re-delegates the domain to different DNS servers would mean everyone (other than internal users that wouldn't be be using public DNS servers) would see the affected page, which is what they want, "how" is entirely irrele

          • First there is a question of prestige here.

            And authority. Who is going to take seriously the idea that backdoored encryption will be be properly safeguarded by the government when just in the past week they just turned over 4 million federal personnel records and an army website over to "hackers"?

            One would have to be abysmally stupid to take information security advice from anyone with their track record. The next time you hear a government official claiming that making our systems less secure is a good idea the correct response is open ridicule an

            • As to the proper response to idiots in real situations... I've found its best to just humor them and then quietly negate the damage they could possibly do when they're not paying attention.

            • And authority. Who is going to take seriously the idea that backdoored encryption will be be properly safeguarded by the government when just in the past week they just turned over 4 million federal personnel records and an army website over to "hackers"?

              Government response: "But, TERRORISM!"
              *too many people nod their heads in agreement while the rest of us shake ours in dismay*

            • So because a system was hacked, you can't trust anyone working for the government on security? I heard that a corporate web server was hacked, I guess we can't trust anyone working security for corporations anymore, they couldn't know what they are talking about.

        • Re:Obligatory (Score:4, Insightful)

          by TubeSteak ( 669689 ) on Tuesday June 09, 2015 @01:33AM (#49873579) Journal

          It's about as significant as shitting through a recruiting office letterbox in a mall.

          Unless they dropped some malware on the site and infected the people who unknowingly visited the page.

          • by mjwx ( 966435 )

            It's about as significant as shitting through a recruiting office letterbox in a mall.

            Unless they dropped some malware on the site and infected the people who unknowingly visited the page.

            Which is about the same as someone sending you tissue full of mucus and flu germs through the mail. If you're only at threat if you dont throw it away and wash your hands.

    • Agreed. It's the Internet equivalent of graffiti. It's an embarrassment, to be sure, but breaking and entering, it is not.

  • Different goals (Score:4, Interesting)

    by Bathroom Humor ( 4006829 ) on Monday June 08, 2015 @11:50PM (#49873269)

    I guess you can tell the ambition of an attack based on how obvious it is.
    When the Syrian Electronic Army hacks a website, they simply vandalize it and make a lot of noise. When someone else, say the Chinese government, hacks a web address, they ignore the front pages altogether and go straight for the data centers. Way more discrete, way more dangerous.

    I could make a fart analogy out of this. So I will.
    The silent ones are the ones you need to fear.

    • I had a theory the recent Chinese break in was to see how their already-placed agents scored on these background checks...plus it gives them intel on how their spies can overcome our checks in the future.
      • That could very well be true. Think of the quietest, closest, most drawn out fart imaginable. Terrifying. Then trying to find out who exactly the culprit is... nobody wants to fess up to something that odorous.

        But it does make me wonder; How well is the U.S. set up in China? We HAVE to be snooping in on them, even if it isn't made public nearly as often. That tells me that either we aren't very good at getting sensitive data, or our farts are tremendously delayed and powerful. hmmm...

      • by rtb61 ( 674572 )

        The Chinese and Russian are both losing interest in the US government and are focusing on where the real power is, US corporations and their executives and board members. Why spy on the puppet, when it is much more effective to spy on the corruption at actual real top.

  • seems to be similar policy. Manning should have never been able to use a USB stick on an Army system. Snowden should have never been given so much access to various systems. These "failures" are the fault of the organization, not the individuals. The concept of "compartmentalization" exists for a reason. Personally I am glad both people were able to do what they did...but with proper security in place this would have never happened.
    • by gavron ( 1300111 ) on Tuesday June 09, 2015 @12:16AM (#49873371)

      Oh good job, Captain Hindsight! You are absolutely right! Manning should have never been able to use a USB stick [takes notes]. Also Snowden should have never been given so much access [takes notes].

      "...this would have never happened."

      Oh excelsior! Your powers of observation and hindsight deduction are without compare. Between that and your three split infinitives all I can say is BRAVO, SIR, BRAVO! You truly have your finger on the pulse of ... everything that's that wrong.

    • Forbidding portable media didn't work well in the days of the floppy disk, and doesn't work now. Much better to talk to people, make sure no one has a justifiable grievance against an immediate supervisor. If someone sees something to blow a whistle about, give them a way to do so that isn't so damaging and doesn't have a bunch of organization men conflating treason to the nation with refusal to look the other way when they lie and cheat. We should be grateful to whistleblowers, not treat them with suspi

      • Quite true, but from an ITSEC standpoint the fact that the USB ports aren't physically disabled seems to be just asking for a leak.
  • Really? Is hacking the US gov. still a thing?

  • I think that the damage to USA is very much over-exaggerated. So, the article says, that the informational gate to one of the websites has been messed up for some time.

    So here is the prospective: if 50 years ago some some villages boys would have desecrated the entry of the US military base by peeing on the gates, or dropping a dead animal, nobody would care.

    Same with the desecration of US website. The readiness and combat abilities did not decreased at all.

  • I bet ten hard drives that the Army hacked it's own site and blamed it on Syria for propaganda reasons. Any takers?

    • Accepted. I bet one prostitute against your bet. Reason: too much loss of prestige involved in doing such a thing.
  • You think with all the nonsense that happens here, someone would have taken offense and hacked into the /. servers.

Business is a good game -- lots of competition and minimum of rules. You keep score with money. -- Nolan Bushnell, founder of Atari

Working...