The Department of Defense has not publicly admitted the breaches, but leaked documents from an internal investigation indicate that servers belonging to the U.S. Army Corps of Engineers’ Transatlantic Center in Virginia and the McAlester Ammunition Plant in McAlester, Oklahoma, were both compromised by a Turkish hacking group called “mosted”. The McAlester attack came on January 26 of this year, whereas the previous attack occurred back in 2007.
In both cases, users were redirected to a 3rd party site, on one occasion displaying climate-change material and on the other displaying images and text of an anti-US and anti-Israeli nature. It’s not clear whether any sensitive information was stolen in the attacks, which appear to be more about humiliating the US Army webmasters and political point-scoring on the part of the hackers. The group apparently used SQL injection techniques to gain access to the servers and are known to have used a similar exploit in the past to hijack a site run by security and anti-virus firm Kaspersky Lab.
The attack is the subject of an ongoing criminal investigation and search warrants have been served against ISPs as well as Yahoo, Google, and Microsoft in a concerted effort by the US Government to track down and punish those responsible. For hackers to have infiltrated supposedly high-security military servers in this way has likely proved both highly embarrassing, not to mention deeply troubling for those in charge.
Read more at InformationWeek
