Hacker Wars: Hacker Breaches U.S. Army Database

Hackers-With-An-AgendaIt appears that the ongoing campaign of cyber warfare has claimed yet another victim, once again a government institution. In the latest in a long series of institutions and organizations plagued by cyber crime, the U.S. Army Corps of Engineers announced that back in January, a hacker compromised a U.S. Army database that holds sensitive information about vulnerabilities in U.S. dams.

The database in question was the U.S. Army Corps of Engineers’ National Inventory of Dams, a source that contains information about 79,000 dams throughout the US and tracks such information as the number of estimated deaths that could occur if a specific dam failed. It’s accessible to government employees who have accounts, and non-government users can query the database, but are not permitted to download data from it.

hacker_damThe breach was first reported by Free Beacon, a non-profit online publication, and has since been confirmed by the Army Corps of Engineers. Pete Pierce, a spokesman for the ACE, released a statement, saying that:

The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information. [U.S. Army Corps of Engineers] immediately revoked this user’s access to the database upon learning that the individual was not, in fact, authorized full access to the NID.

The Corps of Engineers further indicated on their website that account usernames and passwords had since changed “to be compliant with recent security policy changes.”

Unnamed U.S. officials told the Free Beacon that the breach was traced to “the Chinese government or military cyber warriors,” but offered no information to support the claim. It is well known by intrusion specialists that hackers can use proxy servers or hijacked computers to conduct a breach and make it look as if the source was a specific country or individual.

hackers_securityMichelle Van Cleave, a former senior adviser to the Executive Agent for Homeland Security and Department of Defense and a former consultant to the CIA, went on record as saying that the breach appeared to be part of an effort to collect “vulnerability and targeting data” for future cyber or military attacks, though she didn’t say how she came to this conclusion.

If the intrusion was the work of the Chinese military, then it’s possible this was nothing more than a fact-finding mission on their part, designed to gather information on America’s infrastructure and hydroelectric facilities. The far worse possibility was that this was the result of private hackers, who sought to obtain information about US dams are part of a planned attack, looking to see which dam would cause the most harm if it were disabled by a physical or cyber-attack.

Whether it was the result of government-sponsored hackers, private hackers, or potential terrorists, it is clear that in the wake of the recent intrusions into US government databases, and the recent bombing in Boston, that security forces in the US will be on the lookout for similar breaches. In an age of electronic warfare, the best defense is not a good offense, but the ability to identity enemies and deploy countermeasures.

Source: Wired.com

The Hacking Continues…

hackers-1Cyberwarfare has been making it into the news quite a bit of late. From the international cyber-spying virus known as “Red October”, to China’s hacking of the New York Times and Bloomberg L.P., to intrusions into major software companies and social utilities, it seems no one is immune or unassailable in the digital age. What’s more, there are indications that it is nation states that may be leading the charge.

The latest victim in the ongoing war was Microsoft, which recently admitted that it too has been targeted by hackers. The announcement came in the midst of such tech giants as Apple, Facebook, and Twitter reporting security breaches linked to a software developer’s website, which would apparently infect programmers’ computers after they visited the site.

hacker_@In a statement posted by general manager Matt Thomlinson, Microsoft experienced intrusions of a similar nature. Though they did not specify who these hackers were, Mike Isaac at AllThingsD recently identified the website in question as iPhoneDevSDK, a site popular with mobile-app developers. In response, iPhoneDevSDK recently told users that it discovered that an administrative account on its site had been hacked, which allowed hackers to inject infectious code into its Web pages.

Once again, there are many who suspect that these attacks are linked to sources in China. In recent years, the Chinese government has been indicted in several attacks on American media chains as well major companies, as part of a wider campaign to steal trade secrets and monitor and manipulate how China is portrayed in the news.

As it stands, it is not yet clear whether this represents a part of that campaign, or if private hackers are simply using extra-covert means to conduct a little anti-corporate mischief on the side. Personally, I hope it’s the latter, as the idea of nations inciting cyberwarfare against each other is not exactly the most comforting notion! But then again, knowing that they are spying on each other kind of gives those of us who are afraid of “Big Brother” a bit of a reprieve doesn’t it?

Source: businessinsider.com