A colleague of mine sent this out to us. Amazing what an audit can find. Now I wonder what their action plan will be or will they just write thousands of deviations?!? Heh.

Link: http://www.eweek.com/article2/0,1895...06dtx1k0000599

Story Lead-in:
Up to 20 percent of the computer accounts used by the U.S. military are unauthorized or abandoned, providing a major opportunity to hackers and foreign governments who want to spy on the United States, according to a senior military official.

An ongoing audit of user accounts in the armed services has uncovered an epidemic of expired and unauthorized accounts, including 3,000 in DISA (Defense Information Systems Agency), 1,500 in the U.S. Army's Korean operation, and thousands more spread throughout the military services.

I've seen this type of thing with accounts before. Non-existent, broken or outdated processes. I wonder if there are people who "inherit" jobs from other people and just use that person's, or worse, someone else's account to perform a task - like running scripts or jobs.

The article also shows evidence of social engineering to hijack accounts or system access and other violations, like unmonitored enabled ports and services... man, this article reads more like an audit report, and the more I think of it - I am not sure it should have been published to the general public, at least without sufficient time to address the vulnerable areas.