The United States of America, Department of Defence (DoD).
Department of the Navy, the Pentagon, NASA and the National Security Agency(NSA)
All these security agencies are thought to have the best ever security put into place against hacker attacks...yet one claims to have hacked into them !!!
Hacker Pseudoname: Sl1nk
Organisation: Unknown
Reputation: Unknown
This guys claims to have done some quite interesting and unbelievable things..things that would mean that the security holes in these above mentioned agencies are countless..
Is that because they wanted to adopt cloud computing, we'll see that later.
Maybe what this hacker 'sl1nk' is claiming to have done is completely false..but the information he provided seems so precise that it becomes difficult to ignore them. There is a set of documents he presented as proof and which are available to view at the end of this post. For now take a look at the tricks he says he managed to pull:
- SSH access to a Network of 140 machine's layer 1 to 3 in the Pentagon
- Access to APACS (automated personell air clearance system)
- Thousand's of documents ranging from seizure of a vehicle up to private encryption key request forms.
- Database of all usernames/passwords of Webmail of Nasa.
- Access to ASSIST (Database for Military Specifications and Military Standards)
- Data Transformation Corporation's FAA Sponsored DUAT Service
- Access to Government Gateway at http://www.gateway.gov.uk/
- Access to applicationmanager.gov
- Login access to HM Revenue & Customs (HMRC)
- Login to Central Data Exchange | US EPA
As you can see, he (sl1nk) claims to have SSH access to many boxes, a list is given below :-
Pentagon, Nasa, Navy, NSA | Area 54 | Department of the Navy, Space and Naval Warfare System Command |
64.224.0.11 | 207.60.16.0 - 207.60.16.255 | 205.0.0.0 - 205.117.255.0 |
IP=64.224.0.5 | ||
64.70.0.2, | ||
64.70.1.15 | ||
64.70.2.53 | ||
64.70.2.95 | ||
131.182.3.72 | ||
153.31.1.195 | ||
64.70.2.16 | ||
128.149.2.1 | ||
64.224.0.9 and lots more |
He also presented some account credentials that suppozedly THN Team verified and documents originating from the Department of Defence (DoD).
https://assist.daps.dla.mil/
User: COM502571
Pass: C*************g@@
--------------------------------------------
http://www.duat.com
system access code: 0016***9
password: F*****1
--------------------------------------------
http://www.gateway.gov.uk/
Agent Name: Corie Lee
User ID: 1152****652
Pass: **************
--------------------------------------------
https://online.hmrc.gov.uk/account
Your User ID is: 437067167597
Password: cl**********3d
--------------------------------------------
https://applicationmanager.gov/
User: administratorbackup
Pass: fu********l@
--------------------------------------------
https://cdxnode64.epa.gov
User: JCrimson
Pass: M*********0n
--------------------------------------------
https://pecos.cms.hhs.gov/pecos/login.do
User: Adminbackup
Pass: g*********7
Nice proofs and for sure would make people believe that these agencies have security flaws..but to what extent is it true ?
Was it because they moved to cloud computing...but why our defense and intelligence agencies are moving so quickly to adopt cloud computing ?
The answer is cost savings and higher efficiency but the most important aspect is is grounded squarely in our DoD's need exploit information faster than its adversaries.
Cloud computing is unique in its ability to address critical defense and intelligence mission needs. That’s why cloud computing is critical to national defense.
The main concerns surrounding Cloud Computing Security are:
Data security, privacy and integrity
Intrusion detection and prevention
Security concerns about Cloud Computing are nothing new
Security experts find flaws in cloud computing
Demonstrations of new ways to attack corporate data stored with the increasingly popular “cloud” services have added to concerns about the technology.
Security researchers at the Black Hat USA security conference in Las Vegas showed how users of Amazon’s Elastic Compute Cloud (EC2) services were tricked into using virtual machines that could have included “back doors” for snooping.
Security researchers at the Black Hat USA security conference in Las Vegas showed how users of Amazon’s Elastic Compute Cloud (EC2) services were tricked into using virtual machines that could have included “back doors” for snooping.