Army's Public Website Has Been Hacked. Your Thoughts? After You Read The Story.

2015-06-08T19:02:26-04:00

Defense officials confirm the official public Army website has been hacked by unknown intruders demanding the U.S. stop training rebel fighters inside Syria.

Unlike the massive hack into Office of Personnel Management records, the officials stress the website contains no official classified information or private personal data of any Amy personnel, military or civilian.

The messages reportedly proclaimed "YOU'VE BEEN HACKED" and added "YOUR COMMANDERS ADMIT THEY ARE TRAINING THE PEOPLE THEY HAVE SENT YOU TO DIE FIGHTING."

Image: Army website has been hacked
Defense officials confirm the official public Army website has been hacked by unknown intruders demanding the US stop training rebel fighters inside Syria. The officials stress the website contains no official classified information or private personal data of any Amy personnel, military or civilian.
It's not clear yet whether the Army or the hackers shut down the website.

"Today an element of the Army.mil service provider's content was compromised," Army Brig. Gen. Malcolm Frost, chief of public affairs, said on the website hacking. "After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily."

The officials say the website is for general public access with general information about the Army, press releases and Army generated news stories.

The news comes less than a week after Obama administration officials announced that four million federal workers may have had their personal information compromised in a cyber attack, which officials said could affect every agency of the U.S. government

Starting today, approximately four million current and former government employees will be notified that their personal information — including names, Social Security numbers and birth dates — might have been hacked.

The compromised data was stored in a system shared by the Interior Department and the Office of Personnel Management, which screens and hires federal workers and approves security clearances for 90 percent of the federal government.

The FBI is leading the investigation into the breach, which happened in December and was discovered in April using new tools.

On Friday, the White House said the threat of cyber attacks is persistent and while the federal government has raced to outpace would-be hackers, legislation aimed at shoring up cybersecurity is desperately needed to do more. Those proposals included measures that would improve information sharing between the private sector and federal investigators, require companies to give 30 day notice of a security breach, increase punishments for cyber crimes and create uniform standards of data breach notification laws.

"Since the president submitted those pieces of legislation in January we've seen very little action," White House press secretary Josh Earnest told reporters on Friday. "We need the United States Congress to come out of the Dark Ages and join us in the 21st century."

The House passed a measure earlier this year, which the White House supports, pushing companies to share data records with federal investigators. The Senate Intelligence Committee had previously approved a similar measure, but the full Senate has not yet voted on the legislation.

Opponents to the measure cite privacy concerns and worries about government overreach.

Response by SSG Eddye Royal made Jun 8 at 2015 7:05 PM

2015-06-08T19:05:50-04:00

We all are going through a re-training process, it's just going to take time to get each team up to speed!!!

Response by COL Mikel J. Burroughs made Jun 8 at 2015 7:11 PM

2015-06-08T19:11:35-04:00

It would really be sweet if you could follow the trail back to the hacker (hot finger signature) and you could take him/her out! We need a strategy that continues to take the fight to the enemy - I'm a firm believer in that! I know there are lots of individuals that want to take a passive approach to this problem (almost like the American Isolationism in the 1930s), but the problem isn't going to go away. It will rear its ugly head again and again! Let's keep the fight on their turf and their soil! Don't shoot the messenger - just my opinion!

Response by COL Charles Williams made Jun 8 at 2015 11:50 PM

2015-06-08T23:50:32-04:00

I guess you guys will have to have more IM security training....

Response by SFC Private RallyPoint Member made Jun 9 at 2015 9:13 AM

2015-06-09T09:13:54-04:00

army website got hacked, let's do more SHARP training

Response by Capt Seid Waddell made Jun 9 at 2015 11:22 AM

2015-06-09T11:22:04-04:00

There is a lot of that going around these days.

It seems that we need to be doing more about internet security.

Response by SGT William Howell made Jun 9 at 2015 11:29 AM

2015-06-09T11:29:02-04:00

Holy Crap! Somebody could sign onto Army.mil! They should hire these guys to work the help desk so they can show others how to log in!

Response by SGT Private RallyPoint Member made Jun 9 at 2015 11:35 AM

2015-06-09T11:35:41-04:00

Wait, the Syrian Electronic Army has a twitter page? I wonder who they are following?

Response by SFC Christopher Perry made Jun 9 at 2015 12:06 PM

2015-06-09T12:06:51-04:00

The more complacent we become the more susceptible we are to these attacks.

Response by SFC Christopher Perry made Jun 9 at 2015 12:11 PM

2015-06-09T12:11:05-04:00

Funny, I was listening in on the HP Cyner Risk Repoert 2015 webinar while responding to this. Shocking is it not, that they led off with a focus on the vulnerability caused by the usage of dated code?

Response by MSG Brad Sand made Jun 9 at 2015 1:12 PM

2015-06-09T13:12:04-04:00

Great, now are passwords are going to be even more convoluted.

Response by SGT Private RallyPoint Member made Jun 9 at 2015 4:29 PM

2015-06-09T16:29:40-04:00

Response by SGT Curtis Earl made Jun 11 at 2015 6:59 AM

2015-06-11T06:59:16-04:00

Eh, not really a big deal. Its the fashion to call everything hacking these days. When people say hacking, they envision some nerd in from of a black display with green letters and a 12 pack of Surge. What most people mean by 'I got hacked' is that they had a lame FB password - like their baby's name or birthday - and someone guessed it. Then they clicked a questionable link while while visiting questionable sites. NOTE: you didn't really won an iPad; don't clock the link!!

Websites are also pretty easy to bring down if you understand the platform its on and where its hosted. I haven't seen any details on what exactly was done, but the enemy didn't attack the hardest target. They went after the low hanging fruit. I know that at least one Army website with access to PII is a basic WordPress install. I know this because they never bothered to change the favicon away from the default. Knowing that, and knowing how corporations hate to update anything, I can imagine that there are nerds hammering away at all manner of unpatched vulnerabilities.

Again, nothing has been released about how the enemy gained access. I'm not all that concerned as its not my job to secure these things.

Response by SPC Larry Boutwell made Jun 11 at 2015 5:42 PM

2015-06-11T17:42:18-04:00

Holy crap i served under frost...

Response by SFC David Reid, M.S, PHR, SHRM-CP, DTM made Aug 17 at 2019 9:33 PM

2019-08-17T21:33:55-04:00

Provides Food For Thought!