The United States of America, Department of Defence (DoD).
Department of the Navy, the Pentagon, NASA and the National Security Agency(NSA)
All
these security agencies are thought to have the best ever security put
into place against hacker attacks...yet one claims to have hacked into
them !!!
Hacker Pseudoname: Sl1nk
Organisation: Unknown
Reputation: Unknown
This
guys claims to have done some quite interesting and unbelievable
things..things that would mean that the security holes in these above
mentioned agencies are countless..
Is that because they wanted to adopt cloud computing, we'll see that later.
Maybe
what this hacker 'sl1nk' is claiming to have done is completely
false..but the information he provided seems so precise that it becomes
difficult to ignore them. There is a set of documents he presented as
proof and which are available to view at the end of this post. For now
take a look at the tricks he says he managed to pull:
- SSH access to a Network of 140 machine's layer 1 to 3 in the Pentagon
- Access to APACS (automated personell air clearance system)
- Thousand's of documents ranging from seizure of a vehicle up to private encryption key request forms.
- Database of all usernames/passwords of Webmail of Nasa.
- Access to ASSIST (Database for Military Specifications and Military Standards)
- Data Transformation Corporation's FAA Sponsored DUAT Service
- Access to Government Gateway at http://www.gateway.gov.uk/
- Access to applicationmanager.gov
- Login access to HM Revenue & Customs (HMRC)
- Login to Central Data Exchange | US EPAAs you can see, he (sl1nk) claims to have SSH access to many boxes, a list is given below :-
Pentagon, Nasa, Navy, NSA Area 54 Department of the Navy, Space and Naval Warfare System Command 64.224.0.11 207.60.16.0 - 207.60.16.255 205.0.0.0 - 205.117.255.0 IP=64.224.0.5
64.70.0.2,
64.70.1.15
64.70.2.53
64.70.2.95
131.182.3.72
153.31.1.195
64.70.2.16
128.149.2.1
64.224.0.9 and lots more
He also presented some account credentials that suppozedly THN Team verified and documents originating from the Department of Defence (DoD).
https://assist.daps.dla.mil/User: COM502571Pass: C*************g@@--------------------------------------------http://www.duat.comsystem access code: 0016***9password: F*****1--------------------------------------------http://www.gateway.gov.uk/Agent Name: Corie LeeUser ID: 1152****652Pass: **************--------------------------------------------https://online.hmrc.gov.uk/accountYour User ID is: 437067167597Password: cl**********3d--------------------------------------------https://applicationmanager.gov/User: administratorbackupPass: fu********l@--------------------------------------------https://cdxnode64.epa.govUser: JCrimsonPass: M*********0n--------------------------------------------https://pecos.cms.hhs.gov/pecos/login.doUser: AdminbackupPass: g*********7
Nice proofs and for sure would make people believe that these agencies have security flaws..but to what extent is it true ?
Was it because they moved to cloud computing...but why our defense and intelligence agencies are moving so quickly to adopt cloud computing ?The answer is cost savings and higher efficiency but the most important aspect is is grounded squarely in our DoD's need exploit information faster than its adversaries.Cloud computing is unique in its ability to address critical defense and intelligence mission needs. That’s why cloud computing is critical to national defense.The main concerns surrounding Cloud Computing Security are:Data security, privacy and integrityIntrusion detection and prevention
Security concerns about Cloud Computing are nothing newSecurity experts find flaws in cloud computingDemonstrations of new ways to attack corporate data stored with the increasingly popular “cloud” services have added to concerns about the technology.
Security researchers at the Black Hat USA security conference in Las Vegas showed how users of Amazon’s Elastic Compute Cloud (EC2) services were tricked into using virtual machines that could have included “back doors” for snooping.
No comments:
Post a Comment