
Thread: army.mil defaced

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785

    army.mil defaced

    come on army!?!


    02/23/2004

    http://www.zone-h.com/en/news/read/id=4043/

    Another web site (tsn.wes.army.mil) belonging to the US Army got defaced yesterday, a member of the Brazilian crew r00t_system modified the index page to put the name of his group on it "amarelo was here ! r00t_system defacers crew 2004 ! irc.brasnet.org /j #ry ! sur00t@america.hm ! fuc".

    It is the fourth US Army site to be hacked this year, this time the Windows 2000 box with the Microsoft IIS 5 web server had its frontpage extensions misconfigured.

  2. #2
    It goes to show how our Homeland Security dollars are being managed. It's a sad, sad thing to know they do not take measures to secure something like the Army's servers.

  3. #3
    Ah tis it is a shame that the Government worries about everything else, but protecting their own Servers, that could hold secret information.
    Who says that if it was that easy to deface their website, maybe it would be easier to steal private information?
    Well if their frontpage extensions are misconfigured, then what else is misconfigured?

    thanks for the interesting read Tedob

    .:front2back:.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I was about to say who says the site has anything of importance until I visited it this morning: "Tri-Service Solicitation Network". Good lord! It's the bidding site! I thought these sites were supposed to meet certain standards in regards to security.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well if their frontpage extensions are misconfigured, then what else is misconfigured?
    My money would be on print servers.............whilst .gov and .mil users have plenty of funds for anything that is "customer facing" or a "battlefield application", their internal IT has a very lean budget...........politicians and generals just don't understand

    So a former apps or file server is pressed into service as a print server, with its internet connectivity still enabled and minimal security. After all, who expects their print server to attack them? This is also true of commercial organisations, people don't think/bother to sanitise the machine when it is decommissioned.............they just move the files (which users want) and apps (which incur licence fees)?

    It is vaguely reminiscent of the "old days" when IT was responsible for mainframe and mid-range stuff, and most users had dumb terminals (OK there were a few PCs with 5250 emulation cards in them) and most PCs were stand alone and purchased by the user departments.

    The weakest point in the organisation was the conference and meeting rooms, because the kit was frequently under the control of HR (human remains). People came in with lectures and presentations on floppy disks, and most viruses were boot sector or file infectors............In my experience, HR are not the strongest growth in the vineyard when it comes to AV?

    So go check your print server security folks.............you may get a surprise

    Cheers

  6. #6
    While I share all of your concern with this (Old Air Force net security guy) I love to see when people start talking about 'classified information' or private information. If it's military and it's on the web, it's usually not that important.

    Classified information has its own internal network, not connected to the WWW. So while hacking some obscure army server does challenge the security of military networks as a whole, it is by no means an indication that 'classified information' or private information is on the outside.

    There is a shake up in military IT. A few years ago you had decently experienced folks (like myself) handling what we call Information warfare. As times change, they need folks like me in other places, filling other positions. So in comes the civilian contractor. So right now we are in a state of transition in a lot of areas, and as you can expect, sometimes turnover of systems isn't all that great.

    But hey that's not an excuse either.

    Anyway

    *edit* I misread something and decided to act too harshly. Good points all around
    Tachyon


  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Tachyon is correct. If someone needs access to the internet and classified systems at the same time, he or she will have TWO separate systems on the desk. While oversight into non-classified systems isn’t overly tight, those systems carrying classified information are critically screened. It does give off an impression of lax security though when PUBLIC web servers are defaced. I imagine they get hammered 24/7. No one here can honestly say they would come out ahead if those groups targeted your own domains. I wouldn’t boast that in public anyway.

    This could be an example of how a small oversight into configuration of a webserver is very costly.

  8. #8
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364
    Without going into great detail here, we need to remember that every "command" is actually a separate entity, with different IT personnel, different levels of training and different levels of security interest and capability as well as different internal personnel problems. "Homeland Security from D.C." cannot monitor the *actual* security at every remote or separate command. In fact, nothing of military combat value is really classified below the Division level as far as equipment goes. If you are an officer in a SOF unit, or a major commander, chances are some "enemy" (used to be the Russians, maybe still is, and don't forget the ChiComs) has a more complete folder on you than your own Personnel office does. This is not to say that unit security breaches are not serious, they are of course. One problem with military IT security is the spiderweb of civilian contractors: If just one of them has a link into the mainframe then anyone in that office, or anyone who can tap into that office, may be able to access the data wherever those computers are hooked together by a modem.
    And don't forget the disinformation factor; if I am a division commander and there is a hostile across the fence, I just might start sending my subordinates nasty messages about not ordering any ammo and we're clear out of everything, all the tanks and trucks that are broke down and all the soldiers that have gut-wrenching diarrhea and can't even stand up straight, and if the enemy attacked right now we'd just have to wave the white flag.... well, you get the idea.
    The only way you are going to get *really* tight security at every computer terminal in the military is to require serious IT-security levels for every IT specialist at the lowest unit level. And as soon as you do that, every qualified E7 in the military will get out and go to work for industry starting at five times the wage he makes in the military after being there for 12 years. So you compartmentalize the serious information and the serious data, the serious systems, and do the best job you can with the other stuff.
    Really over-simplified, but you get the idea...

    (edit) went to see the site, and it's simply a consolidation of all the jobs you (as a contractor) might bid on from that facility and some others who piggyback on the site. The same info is posted hardcopy all over the planet at publicly available corkboards. Not a bad idea to consolidate the solicitations where everyone with internet savvy can have an equal chance at contract jobs for the military.
    Still not an excuse for an improperly configured server...

  9. #9
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    *sigh* Make it five...

    http://www.zone-h.org/en/defacements/special

    Come on Army!

  10. #10
    People what does this tell you? If you have win 2000 server get rid of it!!!! The patches don't block all the holes in that software. Also if they are using tsn for web hosting? The address may be a coincidence, but I have to say tsn doesn't know security if it bit them in the a**
