Hacker compromised Royal Navy security
Tuesday 09 November 2010
Computer details of current and former defence staff, including a former Royal Navy head, were posted on the internet after a hacker broke into a military website and shut it down.
The Royal Navy website was taken offline after being "compromised" by the hacker, codenamed TinKode, who has a history of breaching government databases including Nasa, the US Space Agency and the Pentagon.
The Ministry of Defence stressed yesterday that no "malicious damage" had been inflicted on the Royal Navy site, which did not contain any classified information. However, the site has been down for three days and TinKode, who is Romanian, posted so-called "hash values" for Ministry passwords he claimed to have obtained from his illegal entry. With hash values, hackers can crack passwords a lot more easily. One of the named accounts was for former First Sea Lord Admiral Sir Jonathon Band.
In the wake of the disclosure, other hackers piled in with additional material including five passwords for other members of staff. The MoD insisted that the information posted would not allow anyone access to secrets.
The electronic break-in took place on Friday night. Visitors to the website yesterday morning were greeted with the message "Unfortunately the Royal Navy website is currently undergoing essential maintenance. Please visit again shortly." A message posted by TinKode on the social networking site Twitter read: "Minister (sic) of Defence United Kingdom – HACKED". According to members of the hacking community, TinKode used to be a member of Hackers Blog, a collective of cyber activists who ran a campaign of breaking into websites to highlight security flaws.
Members of the group were known as "white hats" who did not harm the websites. But TinKode is said to have since become a "grey hat" – someone who deliberately publishes sensitive information online.
TinKode is believed to have used a "SQL injection attack" to target the Navy website, a common method which exploits vulnerabilities in databases used by websites. Once entry has been gained, the hacker can look at and download sensitive data as well as upload malicious software.
Rik Ferguson, a cyber security analyst at the company Trend Micro, said: "It's always embarrassing when something public is successfully hacked and should serve as a warning to anyone who has a presence online to take all the necessary steps to secure their websites." The MoD said: "There has been no malicious damage, but as a precaution the website has been temporarily suspended. Security teams are investigating."
Officials said the site had the level of security needed to prevent "things like silly pictures being put in". TinKode's actions, said one official, added nothing to the debate on cyber security.
- 1 Germanwings crash: Police make 'significant discovery' at home of co-pilot Andreas Lubitz
- 2 JK Rowling responds to fan tweeting she 'can't see' Dumbledore being gay
- 3 The West has it totally wrong on Lee Kuan Yew
- 4 #FreeTheNipple: Women in Iceland bare breasts in solidarity with trolled student
- 5 Jeremy Clarkson calls on trolls to leave producer Oisin Tymon alone: 'None of this is his fault'
Germanwings crash: Police make 'significant discovery' at home of co-pilot Andreas Lubitz
Andreas Lubitz: Who is Germanwings co-pilot who 'locked out captain and crashed flight 9525'?
#FreeTheNipple: Women in Iceland bare breasts in solidarity with trolled student
Russia unveils plans for high speed railway and superhighway to connect Europe and America
Cate Blanchett loses temper during interview: 'That's your f**king question?'
Nigel Farage brands LGBT activists 'filth' and 'scum' and accuses them of scaring away his children after they invade his local pub
Ukip supporters are 55 or older, white and socially conservative, finds British Social Attitudes Report
JK Rowling responds to fan tweeting she 'can't see' Dumbledore being gay
Russia threatens Denmark with nuclear weapons if it tries to join Nato defence shield
Jeremy Clarkson sacked live: Alan Yentob 'wouldn't rule out' ex Top Gear host's BBC return
Germanwings plane crash live: Andreas Guenter Lubitz intentionally crashed flight 9525 into the Alps in act of mass murder and suicide – latest
£50000 - £65000 per annum: Recruitment Genius: Due to continued business growt...
£20000 - £22000 per annum: Recruitment Genius: An exciting opportunity has ari...
£20000 - £25000 per annum: Recruitment Genius: This is a fantastic opportunity...
£25000 - £30000 per annum: Recruitment Genius: Well established and expanding ...