British Navy Website is Hacked

By CIOinsight  |  Posted 11-08-2010 Print Email
A hacker exploited a SQL injection vulnerability on the Royal Navy Website to steal administrator passwords and usernames.

A hacker reportedly exploited a SQL injection vulnerability on the Website of Britain's Royal Navy, according to media reports.

The incident took place Nov. 5, when a hacker known by the alias TinKode is believed to have attacked the site and stolen passwords and usernames. At press time, the site bears a message stating: "Unfortunately the Royal Navy is website is currently undergoing essential maintenance. Please visit again soon."

TinKode posted about the attack on Twitter and linked to his security blog, where visitors could find more information about the attack. The hacker, who is believed to be Romanian, has been tied in the past to attacks against NASA and U.S. Army-owned sites as well, Sophos Senior Technology Consultant Graham Cluley tells CIO Insight sister publication eWEEK.

SQL injection is a well-known class of vulnerabilities found on the Web. According to a recent report from White Hat Security, SQL injections are the sixth most prevalent attack class, though cross-site scripting and information leakage were in the lead by far.

In a statement, the Royal Navy reportedly said that the Website had been temporarily suspended. "Security teams are investigating," according to the statement. "Access to this website did not give the hacker access to any classified information."

For more, read the eWeek article Hacker Hits British Navy Website With SQL Injection Attack.


Submit a Comment

Loading Comments...