- Jul 22, 2014
The Pentagon has known about the problem for 8 months
The U.S. Department of Defense could be at risk of being attacked by hackers quite easily, one security researcher warns.
According to ZDNet, which cites Dan Tentler, founder of cybersecurity firm Phobos Group, several misconfigured servers run by the DoD could allow hackers easy access to internal government systems. That includes foreign actors eager to find a way into U.S. systems, especially since they could easily make it seem as if the attacks originated in the United States.
Tentler has said that he’s probably not the first one to discover the flaws since they were particularly easy to discover. He added that they’re probably already being exploited.
“There were hosts that were discovered that had serious technical misconfiguration problems that could be easily abused by an attacker inside or outside of the country, who could want to implicate the US as culprits in hacking attacks if they so desire,” Tentler told ZDNet.
The Pentagon was informed of the problem eight months ago, but no security fix has been deployed to those servers, indicating crass negligence. This is mostly because the vulnerable servers were not part of the scope of the bug bounty program run by the Pentagon, which started about a year ago.
The Pentagon has been running a bug bounty program in the past year, allowing white hats to find and report bugs and flaws in the system in exchange for money, something that tech companies have been doing for years. The extent of what they can test for flaws is limited, however, since only defense.gov and .mil are open to the program.
Massive risks
more in the link above.