Royal Navy website sunk by SQL injection hacker

According to the Associated Press, the hacker is thought to originate from Romania and had posted details of his/her exploits to Twitter over the weekend.

The site was taken down – apparently by the Navy's IT team – early on Monday and has since displayed a notice saying the portal is shut due to "essential maintenance" and asking users to come back later.

"The Navy said in a statement that the website's security had been breached over the weekend but that no malicious damage had been found", says the AP newswire.

"The Royal Navy website has been temporarily suspended", the statement read. "Security teams are investigating. Access to this website did not give the hacker access to any classified information."

Commenting on the high-profile hack, Graham Cluley, Sophos' senior technology consultant, said that TinKode had posted information on the web about the compromise and the sensitive passwords he was able to uncover.

"In the past TinKode has revealed security holes in NASA's website, and published information about SQL injection vulnerabilities in sites belonging to the US Army", he said in his security blog.

TinKode's attack, says Cluley, is particularly embarrassing for the British Ministry of Defence, as just last month, protecting against cyber attacks was declared in the National Security Strategy to be a "highest priority for UK national security" alongside international terrorism, international military crises and major accidents/natural hazards.

"We can all be thankful that TinKode's activities appear to have been more mischievous than dangerous. If someone with more malice in mind had hacked the site they could have used it to post malicious links on the Navy's JackSpeak blog, or embedded a Trojan horse into the site's main page", he noted.
