Direct from clutterfreepc:
The British Royal Navy has been successfully attacked – by malware.
The Royal Navy’s website was recently shut down temporarily while military officials repaired the vulnerability. In addition to the website’s motto, which ironically reads “Modern and Relevant,” users saw a message telling them why they couldn’t access any information on the website during repairs.
“Unfortunately the Royal Navy website is currently undergoing essential maintenance. Please visit again soon,” the website read.
Meanwhile, in true cyber criminal fashion, the hackers responsible for the attack celebrated and boasted on anonymous blogs throughout the web. A cyber criminal known only by the moniker TinKode took credit and received praise for the attack.
“TinKode doesn’t need sophisticated weapons to disarm an army. He just need a PC,” an anonymous post on TinKode’s blog read.
Another hacker gave him a pat on the back. “Nice dude, really nice. Good job,” a hacker name Sirarcane added.
Cyber security authorities across the globe have discussed the implications that may come as a result of the attack on the British Royal Navy’s website. Graham Cluley, senior technology consultant for security firm Sophos, said the event is “embarrassing” for the British military’s cyber security, and said the country is fortunate TinKode didn’t use the hack for more malicious purposes.
“We can all be thankful that Tinkode’s activities appear to be have been more mischievous than dangerous,” Cluley wrote in a recent NakedSecurity blog post. “If someone with more malice in mind had hacked the site they could have used it to post malicious links on the Navy’s JackSpeak blog, or embedded a Trojan horse into the site’s main page.”
In fact, TinKode, who is believed to live in Romania, has a history of pointing out glaring web security flaws within networks that many users may have previously considered secure. According to Clulely, “TinKode has revealed security holes in NASA’s website, and published information about SQL injection vulnerabilities in sites belonging to the U.S. Army.”
Just as government cyber security has rebounded from these past attacks, Cluley hopes the British Royal Navy can limit the damage from TinKode’s attack and use it to prevent future issues.
“Hopefully efforts are in place now to secure any vulnerabilities and reduce the chances of such a serious security breach happening again in the future,” Cluley wrote. “It is to be hoped that the ultimate impact of this attack will be egg on the face of the Ministry of Defense – and better security practices in the future – rather than a more significant assault on a website presenting the public face of an important part of the armed forces.”
A number of other recent attacks have highlighted the importance of anti-malware software in government networks, including the Stuxnet virus’ successful infiltration of Iran’s energy infrastructure.