MOD Hacked

Mr_Fingerz

LE
Book Reviewer
#1

Wordsmith

LE
Book Reviewer
#3
I work for a major software company. Although I'm not a developer, as one of the requirements of my job I have to do a 'secure coding practices' course every couple of years. Although I don't understand all of it, it has given me a degree of insight into the level of technical skill required to hack more secure systems. Here is one of the simpler techniques: SQL Injection.

SQL injection - Wikipedia, the free encyclopedia

Assuming no one in the MOD has done anything as stupid as leaving default passwords in place or using passwords like Pa$$word or Passw0rd, you shouldn't be able to get into the more secure parts of the MOD without a lot of technical knowledge and a lot of patience.

Although, if I were in charge of intelligence for a hostile power, finding a world class hacker and paying him by results would be a good use of my budget...

Wordsmith
 

lill

Old-Salt
#7
It was a DDoS, not a 'hack'. Obv. using the correct terminology and description of such is beyond even the Guardian's hacks!

Edit: wrong organisation. I was thinking of the SOCA thing earlier today.
 
#8
I don't know why anyone would want to hack into the MoD's computers, given that it is so easy to hack into the networks run by the companies who supply their kit: step forward BAE Systems, for example.
 
#9
Assuming no one in the MOD has done anything as stupid as leaving default passwords in place or using passwords like Pa$$word or Passw0rd, you shouldn't be able to get into the more secure parts of the MOD without a lot of technical knowledge and a lot of patience.
You would think they'd have more sense, wouldn't you?

I know of at least two or three of our comms systems with some of the most common default passwords in the world left in place. I wouldn't be so confident about the rest being any more secure.
 
#10
I'm not too sure about setting out to reward people for hacking you. Isn't that a bit like saying 'Here, come break into my gaff and show how it isn't secure and I'll give you twenty quid'?

IMO this encourages people to hack and surely the less people hacking into and viewing MoD files that aren't meant to be viewed, the better?
 
bokkatankie

Guest
#11
You would think they'd have more sense, wouldn't you?

I know of at least two or three of our comms systems with some of the most common default passwords in the world left in place. I wouldn't be so confident about the rest being any more secure.
One could argue that they are very clever: no one expects anyone to be that stupid, so they would never try them!
 
#12
I'm not too sure about setting out to reward people for hacking you. Isn't that a bit like saying 'Here, come break into my gaff and show how it isn't secure and I'll give you twenty quid'?

IMO this encourages people to hack and surely the less people hacking into and viewing MoD files that aren't meant to be viewed, the better?
They are out there doing it anyway, and that way you have the smelly toerag showing your technical people how he did it rather than finding out later.
Like OH **** THE INTERNET IS HERE.
 
#14
Passwords? What, surely everyone knows you need secure passwords these days. Step forwards one large motor company, who use the format

admin user ID: adm.gb
admin password: adm.gb

Can you spell "Doh!"?
 
#15
I don't know if the MOD needs "kids on the streets". Maybe they need to worry about smartphones and tablets a tad more, as attack vectors.
 
#16
Assuming no one in the MOD has done anything as stupid as leaving default passwords in place or using passwords like Pa$$word or Passw0rd, you shouldn't be able to get into the more secure parts of the MOD without a lot of technical knowledge and a lot of patience.
Having had the misfortune of using MOD secure systems (albeit a few years ago), I've found this applies as much to legitimate users as the bad guys.
 
#17
They are out there doing it anyway, and that way you have the smelly toerag showing your technical people how he did it rather than finding out later.
Like OH **** THE INTERNET IS HERE.
Also said smelly toe rag has revealed who he is to you as well & can be invited to go on a trip to gain the reward, which he'll mysteriously fail to return from...
 
#18
For a terrible moment, I thought that one of ARRSE's mods had their account hacked, then I realised it was only the Ministry of Defence.
 
#19
Since when has dii(r) been a top secret network?
 

TheIronDuke

ADC
Book Reviewer
#20
I'm not too sure about setting out to reward people for hacking you. Isn't that a bit like saying 'Here, come break into my gaff and show how it isn't secure and I'll give you twenty quid'?
Red team? (Clue - it's not Manchester United). Physical security systems do this all the time. Why not digital security?

Problem is - with physical security it usually comes down to metal and concrete. The people bit is just a yes/no decision. You either have access, or you don't. With digital security it is much more down to people. Stupid gits who use their birthday, pet's name or 1234 as a password.

When HMRC lost the disc with shedloads of people's PI data on it a few years ago they got hammered for slack practices. In fact they had robust protocols in place. Then one day Derek in Dispatch cannot be arsed to follow them. So he thought "I'll just stick it on a bike courier". And it vanished.

I'm not a digital security expert but it seems to me that users are more of a threat than hackers.
 
