eWeek Article: Security Audit Flags Thousands of Military User Accounts

  1. #1
    genXer, Senior Member
    Join Date
    Jun 2005
    Posts
    252

    eWeek Article: Security Audit Flags Thousands of Military User Accounts

    A colleague of mine sent this out to us. Amazing what an audit can find. Now I wonder what their action plan will be or will they just write thousands of deviations?!? Heh.

    Link: http://www.eweek.com/article2/0,1895...06dtx1k0000599

    Story Lead-in:
    Up to 20 percent of the computer accounts used by the U.S. military are unauthorized or abandoned, providing a major opportunity to hackers and foreign governments who want to spy on the United States, according to a senior military official.

    An ongoing audit of user accounts in the armed services has uncovered an epidemic of expired and unauthorized accounts, including 3,000 in DISA (Defense Information Systems Agency), 1,500 in the U.S. Army's Korean operation, and thousands more spread throughout the military services.
    I've seen this type of thing with accounts before. Non-existent, broken or outdated processes. I wonder if there are people who "inherit" jobs from other people and just use that person's, or worse, someone else's account to perform a task - like running scripts or jobs.

    The article also shows evidence of social engineering to hijack accounts or system access and other violations, like unmonitored enabled ports and services... man this article reads more like an audit report, and the more I think of it - I am not sure it should have been published to the general public, at least without sufficient time to address the vulnerable areas.
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  3. #3
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    I am surprised. That meeting is much like the Agora, here in Seattle. We have media show up, but they are required to keep their mouths shut. It's a consensus thing. We all know where everyone else lives.

    I bet that the eWeek dude wasn't supposed to be reporting from that meeting.

    Just my tuppence.


  5. #5
    Senior Member
    Join Date
    Nov 2005
    Posts
    316
    no wonder most of these guys getting caught for stupid reasons on the internet have an account or have hacked into military
    you are entering the vicinity of an area adjacent to the location.

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Originally posted here by rapier57
    ...I bet that the eWeek dude wasn't supposed to be reporting from that meeting...
    I bet it will be a cold day in hades when he gets another invite for a meetin' with them or a story opportunity.



    The number of old accounts is shocking. I was under the impression that when a member is transferred to another location his account (profile, etc) is forwarded to that location. If the member is being released, the accounts are "supposed" to be removed.

    cheers
    Connection refused, try again later.
