Information Warfare: September 2, 2002

Archives

In June, 2002, some network security consultants, while working for a commercial client, stumbled across some Department of Defense servers. Curious, they thought they would test the security, and found that there wasn't much there. The servers were at the Ft Hood army base in Texas and the consultants soon found themselves looking at all sorts of classified data. The easy access to the army servers also provided entry to some NASA servers, where more confidential material was found. Appalled at the lax security in classified servers (access was often gained by using default passwords such as "administrator" and "password"), the consultants contacted the Washington Post. The newspaper in turn asked the army if this was true. Next thing you know, the FBI raided the consultants offices and informed the lads that hacking a federal server was a felony, no matter what your intentions were. But there's more. The consultants in question were rookies at a new Internet security company. Not enough adult supervision led the boys to go where they shouldn't have and not reporting their actions to the feds first. But the major lesson here is that the Department of Defense still has a lot of network security problems. If some well meaning security consultants could get in, why not some foreigner with less benign intentions?