Hacked British Royal Navy site sinks

Powered by SC Magazine
 

Hacker claims to breach site security.

The British Royal Navy website remained down this morning after a hacker claimed to have successfully exploited the site and its underlying database yesterday.

An attacker going under the web pseudonym TinKode stated in a blog to have compromised the website with an SQL injection attack this weekend.

TinKode claimed to have accessed both usernames and passwords to different sections of the website, although the Royal Navy has refuted the suggestion any classified information was taken.

The Royal Navy admitted the site was compromised, but said no “malicious damage” was caused.

The website has been suspended as a precaution while security teams investigated, a spokesperson added.

Visitors to www.royalnavy.mod.uk today were greeted by a message reading: “Unfortunately, the Royal Navy website is currently undergoing essential maintenance. Please visit again soon.”

The news comes not long after the  BritishGovernment ranked cyber defence as one of the most important areas of national security, placing it alongside international terrorism and military crises.

The Coalition also recently announced an extra £500 million (AU$795 million) funding for cyber defence, along with £900 million (AU$1.4 billion) towards targeting tax evaders and fraud with better use of technology.

Jason Hart, senior vice president in Europe for two-factor authenticaton provider CRYPTOCard, said the hack had wider implications for the security sphere.

"The fact that a high profile military website can be targeted shows the underlining issues facing organisations and the threat of cyber crime," Hart said.

"Fundamentally this shows that the basic forms of attack can still be executed successfully on very secure sites through the simple tools to obtain the username and password."

Graham Cluley, senior technology consultant for Sophos, labelled the hack “embarrassing.”

“If someone with more malice in mind had hacked the site they could have used it to post malicious links on the Navy's JackSpeak blog, or embedded a Trojan horse into the site's main page,” Cluley said in a blog.

“It is to be hoped that the extent of this attack will be egg on the face of the Ministry of Defence, rather than a more significant assault on a website presenting the public face of an important part of the armed forces.”

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Hacked British Royal Navy site sinks
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1035

Vote