Last weekend a hacker allegedly broke into the Royal Navy’s website, gaining access to private information and data in a potentially hazardous cyber attack.
The hack was carried out by a Romanian-based individual going by the alias of TinKode. He targeted the navy’s official UK site, in the process harvesting data such as passwords and usernames which could give access to administrative powers.
Sophos’ Graham Cluley told SC Magazine UK, that during the hack, which lasted several hours, the site redirected users to an image file, declaring that it was offline for maintenance purposes.
Mr Cluley pointed out that the government has recently reasserted its aims to heighten the UK’s ability to fend off the threats posed by cybercriminals and terrorists from foreign nations. Now an SQL injection has allowed just such an attack to occur and many are worried about the type of data which was made available to the hacker.
Mr Cluley said that from one point of view the Ministry of Defence (MoD) has got off lightly since the hacker does not seem to have been motivated by malice, but rather by a mischievous desire to test his skills. As such, the weaknesses of the Royal Navy website have been exposed without necessarily putting UK citizens or the armed forces at risk, although at this time the extent of its impact remains unknown.
Experts believe that this incident can act as an example to all businesses, organisations and individuals who own and operate a website, as it shows how easily a weakness can be exploited by third parties.
It is thought that the Royal Navy website was not infected with malware, as could have easily been the case had the hacker been more nefarious in his intent.
The Romanian hacker responsible for the attack has a presence on Twitter and received a number of messages congratulating him on his efforts, including many deriding the MoD’s ability to properly secure the websites which it operates on behalf of the armed forces.
