Anti-U.S. Hackers Infiltrate Army Servers

May 29th, 2009

Anti-U.S. Hackers Infiltrate Army Servers

A known computer hacking clan with anti-American leanings has successfully broken into at least two sensitive Web servers maintained by the U.S. Army, InformationWeek has learned exclusively.

Department of Defense and other investigators are currently probing the breaches, which have not been publicly disclosed. Department investigators subpoena records from Google, Microsoft, and Yahoo in connection with ongoing probe.

The hackers, who are based in Turkey, penetrated servers at the Army’s McAlester Ammunition Plant in McAlester, Okla., and at the U.S. Army Corps of Engineers’ Transatlantic Center in Winchester, Va.

The breach at the McAlester munitions plant occurred on Jan. 26, according to records of the investigation obtained by InformationWeek. On that date, Web users attempting to access the plant’s site were redirected to a Web page that featured a protest against climate change.

On Sept. 19, 2007, the same hackers electronically broke into Army Corps of Engineers’ servers. That hack sent Web users to another page, which at the time, contained anti-American and anti-Israeli rhetoric and images. It currently appears to be an Internet landing spot that features airline reservation links.

Beyond the redirects, it’s not clear whether the group was able to obtain sensitive information from the Army’s servers.

The hacks are the subject of an ongoing criminal investigation by Defense Department officials and members of the U.S. Army’s Judge Advocate General’s Office and Computer Emergency Response Team. Investigators have executed records search warrants against Microsoft, Yahoo, Google, and other Internet service and e-mail providers as part of their efforts to unmask the hackers’ true identities.

Investigators believe the hackers used SQL injection to exploit a security vulnerability in Microsoft’s SQL Server database to gain entry to the Web servers. The group is known to have carried out similar attacks on a number of other Web sites in the past — including against a site maintained by Internet security company Kaspersky Lab.

The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools.

Equally troubling is the fact that the hacks appear to have originated outside the United States. Turkey is known to harbor significant elements of the al-Qaida network. It was not clear if the hackers have links to the terrorist group.

Credit: Paul McDougall, InformationWeek

Share this item with others:

More on CyberInsecure:

Access To Hacked Government, Educational, Military Websites Sold On Underground Market

Patients Personal Data Compromised In Walter Reed Army Medical Center

Sensitive Information Stolen From Arizona Department Of Public Safety, 450 Megabytes Posted Online

US Army Website Compromised Through SQL Injection

Phishing Botnet Expands By SQL Injecting Websites Found In Google

Posted in Breaches And Incidents, Hacked, Microsoft, SQL Injections, Targeted Attacks |

Print This Post

This entry was posted on Friday, May 29th, 2009 at 2:23 am and is filed under Breaches And Incidents, Hacked, Microsoft, SQL Injections, Targeted Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

If you found this information useful, consider linking to it from your own website.
Just copy and paste the code below into your website (Ctrl+C to copy)
It will look like this: Anti-U.S. Hackers Infiltrate Army Servers