Posted on Jun 8, 2015
Army's Public Website Has Been Hacked. Your Thoughts? After You Read The Story.
6.95K
27
23
5
5
0
Defense officials confirm the official public Army website has been hacked by unknown intruders demanding the U.S. stop training rebel fighters inside Syria.
Unlike the massive hack into Office of Personnel Management records, the officials stress the website contains no official classified information or private personal data of any Amy personnel, military or civilian.
The messages reportedly proclaimed "YOU'VE BEEN HACKED" and added "YOUR COMMANDERS ADMIT THEY ARE TRAINING THE PEOPLE THEY HAVE SENT YOU TO DIE FIGHTING."
Image: Army website has been hacked
Defense officials confirm the official public Army website has been hacked by unknown intruders demanding the US stop training rebel fighters inside Syria. The officials stress the website contains no official classified information or private personal data of any Amy personnel, military or civilian.
It's not clear yet whether the Army or the hackers shut down the website.
"Today an element of the Army.mil service provider's content was compromised," Army Brig. Gen. Malcolm Frost, chief of public affairs, said on the website hacking. "After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily."
The officials say the website is for general public access with general information about the Army, press releases and Army generated news stories.
The news comes less than a week after Obama administration officials announced that four million federal workers may have had their personal information compromised in a cyber attack, which officials said could affect every agency of the U.S. government
Starting today, approximately four million current and former government employees will be notified that their personal information — including names, Social Security numbers and birth dates — might have been hacked.
The compromised data was stored in a system shared by the Interior Department and the Office of Personnel Management, which screens and hires federal workers and approves security clearances for 90 percent of the federal government.
The FBI is leading the investigation into the breach, which happened in December and was discovered in April using new tools.
On Friday, the White House said the threat of cyber attacks is persistent and while the federal government has raced to outpace would-be hackers, legislation aimed at shoring up cybersecurity is desperately needed to do more. Those proposals included measures that would improve information sharing between the private sector and federal investigators, require companies to give 30 day notice of a security breach, increase punishments for cyber crimes and create uniform standards of data breach notification laws.
"Since the president submitted those pieces of legislation in January we've seen very little action," White House press secretary Josh Earnest told reporters on Friday. "We need the United States Congress to come out of the Dark Ages and join us in the 21st century."
The House passed a measure earlier this year, which the White House supports, pushing companies to share data records with federal investigators. The Senate Intelligence Committee had previously approved a similar measure, but the full Senate has not yet voted on the legislation.
Opponents to the measure cite privacy concerns and worries about government overreach.
Unlike the massive hack into Office of Personnel Management records, the officials stress the website contains no official classified information or private personal data of any Amy personnel, military or civilian.
The messages reportedly proclaimed "YOU'VE BEEN HACKED" and added "YOUR COMMANDERS ADMIT THEY ARE TRAINING THE PEOPLE THEY HAVE SENT YOU TO DIE FIGHTING."
Image: Army website has been hacked
Defense officials confirm the official public Army website has been hacked by unknown intruders demanding the US stop training rebel fighters inside Syria. The officials stress the website contains no official classified information or private personal data of any Amy personnel, military or civilian.
It's not clear yet whether the Army or the hackers shut down the website.
"Today an element of the Army.mil service provider's content was compromised," Army Brig. Gen. Malcolm Frost, chief of public affairs, said on the website hacking. "After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily."
The officials say the website is for general public access with general information about the Army, press releases and Army generated news stories.
The news comes less than a week after Obama administration officials announced that four million federal workers may have had their personal information compromised in a cyber attack, which officials said could affect every agency of the U.S. government
Starting today, approximately four million current and former government employees will be notified that their personal information — including names, Social Security numbers and birth dates — might have been hacked.
The compromised data was stored in a system shared by the Interior Department and the Office of Personnel Management, which screens and hires federal workers and approves security clearances for 90 percent of the federal government.
The FBI is leading the investigation into the breach, which happened in December and was discovered in April using new tools.
On Friday, the White House said the threat of cyber attacks is persistent and while the federal government has raced to outpace would-be hackers, legislation aimed at shoring up cybersecurity is desperately needed to do more. Those proposals included measures that would improve information sharing between the private sector and federal investigators, require companies to give 30 day notice of a security breach, increase punishments for cyber crimes and create uniform standards of data breach notification laws.
"Since the president submitted those pieces of legislation in January we've seen very little action," White House press secretary Josh Earnest told reporters on Friday. "We need the United States Congress to come out of the Dark Ages and join us in the 21st century."
The House passed a measure earlier this year, which the White House supports, pushing companies to share data records with federal investigators. The Senate Intelligence Committee had previously approved a similar measure, but the full Senate has not yet voted on the legislation.
Opponents to the measure cite privacy concerns and worries about government overreach.
Posted 10 y ago
Responses: 14
Holy Crap! Somebody could sign onto Army.mil! They should hire these guys to work the help desk so they can show others how to log in!
(3)
(0)
SGT (Join to see)
SGT William Howell, I have always thought if those people are that good, they could earn some major bucks as a consultant.
(1)
(0)
SGT (Join to see)
SFC (Join to see), ,,,,And some very sharp listening. In today's world we can't afford to get relaxed about anything. You're correct,Training, training, and more training.
(0)
(0)
It would really be sweet if you could follow the trail back to the hacker (hot finger signature) and you could take him/her out! We need a strategy that continues to take the fight to the enemy - I'm a firm believer in that! I know there are lots of individuals that want to take a passive approach to this problem (almost like the American Isolationism in the 1930s), but the problem isn't going to go away. It will rear its ugly head again and again! Let's keep the fight on their turf and their soil! Don't shoot the messenger - just my opinion!
(3)
(0)
SGT (Join to see)
MSG Brad Sand, I change my passwords several times a year, but it getting harder to come up with something I can remember. I write them down, but that's becoming a pain in the butt.
(0)
(0)
MSG Brad Sand
SGT (Join to see)
They make it so no one can remember their password and if you can you have to change it 30 minutes later. If you wanted to break on to a government computer...find cheat sheet next to the computer and you are in.
They make it so no one can remember their password and if you can you have to change it 30 minutes later. If you wanted to break on to a government computer...find cheat sheet next to the computer and you are in.
(1)
(0)
SGT (Join to see)
MSG Brad Sand, how do they log in if they can't remember their PW? Do they use the cheat sheets and leave them where they can be seen? That's crazy.
(0)
(0)
We all are going through a re-training process, it's just going to take time to get each team up to speed!!!
(2)
(0)
SGT (Join to see)
SSG Eddye Royal, yes but it looks like taking time isn't on our side. It's beginning to be more towards the enemies time.
(0)
(0)
Eh, not really a big deal. Its the fashion to call everything hacking these days. When people say hacking, they envision some nerd in from of a black display with green letters and a 12 pack of Surge. What most people mean by 'I got hacked' is that they had a lame FB password - like their baby's name or birthday - and someone guessed it. Then they clicked a questionable link while while visiting questionable sites. NOTE: you didn't really won an iPad; don't clock the link!!
Websites are also pretty easy to bring down if you understand the platform its on and where its hosted. I haven't seen any details on what exactly was done, but the enemy didn't attack the hardest target. They went after the low hanging fruit. I know that at least one Army website with access to PII is a basic WordPress install. I know this because they never bothered to change the favicon away from the default. Knowing that, and knowing how corporations hate to update anything, I can imagine that there are nerds hammering away at all manner of unpatched vulnerabilities.
Again, nothing has been released about how the enemy gained access. I'm not all that concerned as its not my job to secure these things.
Websites are also pretty easy to bring down if you understand the platform its on and where its hosted. I haven't seen any details on what exactly was done, but the enemy didn't attack the hardest target. They went after the low hanging fruit. I know that at least one Army website with access to PII is a basic WordPress install. I know this because they never bothered to change the favicon away from the default. Knowing that, and knowing how corporations hate to update anything, I can imagine that there are nerds hammering away at all manner of unpatched vulnerabilities.
Again, nothing has been released about how the enemy gained access. I'm not all that concerned as its not my job to secure these things.
(1)
(0)
Read This Next