close

Privacy guaranteed - Your email is not shared with anyone.

Experts Easily Crack Government Computers

Discussion in 'The Powder Keg' started by Doglips, Aug 16, 2002.

  1. Doglips

    Doglips G&G Newbie

    Im find it sad that this is possible...of course letting everyone know via the press is not such a smart thing to do. Im realy not so sure who is on our side. Besides, I aint posted any anti goverment type stuff in a few days...enjoy.

    Experts Easily Crack Government Computers
    Sensitive Data Easily Retrieved from Online Military Computers

    By Andy Sullivan



    W A S H I N G T O N, Aug. 16 — Tens of thousands of U.S. military and government computers containing sensitive information are easily accessible over the Internet, a computer security firm that cracked the networks said today.

    Military encryption techniques, correspondence between generals, recruits' Social Security and credit-card numbers and other sensitive information is often stored on Internet-connected computers that use easily guessed passwords or in some cases no passwords at all, said an official at San Diego security firm ForensicTec Solutions Inc.
    "We were kind of shocked at the security measures, or lack thereof," said ForensicTec President Brett O'Keefe.

    ForensicTec consultants came across the network for the U.S. Army's Fort Hood base in Texas while working with another client earlier this summer, O'Keefe said.

    From there, they were able to access internal networks at other military bases, as well as civilian agencies like the National Aeronautics and Space Administration, the Department of Energy and the Department of Transportation, he said.

    Computers were easily cracked by guessing common passwords like the user's name, or even by typing in "password," O'Keefe said.


    More Sensitive Information Might be Available

    Although they were not able to access any classified information, the security consultants were able to find e-mail messages between generals and other high-ranking officers and recruits' Social Security and credit-card numbers, he said.

    They also found records describing radio-encryption techniques, laser-targeting systems and information about couriers carrying secret documents, he said.

    More sensitive information might be available, as the consultants only checked a few of the tens of thousands of computers that could be accessed, he said.

    Defense Department spokesmen were not immediately available for comment.

    Computer trespass is a felony crime in the United States, and computer hackers could face beefed-up penalties including life in prison under a bill that passed the House of Representatives earlier this year. But O'Keefe said ForensicTec consultants felt they needed to highlight the lax security so that it could be improved.

    "Yes, it was a risk for us to come forward, but if we didn't, who's to say the next person to come across these networks would do the right thing?" he said.


    Copyright 2002 Reuters. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
     
  2. wes

    wes G&G Newbie

    And they want me to do my banking online,hah!
     

  3. Oxford

    Oxford G&G Evangelist

    A good point was brought out regarding security...even in our home computers.

    How many people on this forum use their last name in their password? For example Jones@provider.com.

    It would be a good time for security reasons to make a change. :nod:
     
  4. Lenny2

    Lenny2 Guest

    It is no surprise. The private sector pays. The gov't does not. The talent goes where the money is. Start paying computer administrators what they are worth and you'll see the security increase.
     
  5. Klaus

    Klaus G&G Newbie

    What does your email address have to do with a password?
     
  6. Chris

    Chris Administrator Staff Member

    7,640
    572
    Online Banking is a secure thing in most cases, always do research. There are a few things that I do not do online, but it depends on the security that is on the site, a basic thing I look for is a SSL and the "HTTPS:// " The S means it is secure, I have passwords that the only person that knows them is me ;)