Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The UK Royal Navy website is currently down after a hacker claimed to have successfully exploited the site and its underlying database.
An attacker going under the web pseudonym TinKode stated in a blog to have compromised the website with an SQL injection attack over the weekend.
TinKode claimed to have accessed both usernames and passwords to different sections of the website, although the Royal Navy has refuted the suggestion any classified information was taken.
The Royal Navy admitted the site was compromised, but said no “malicious damage” was caused.
The website has been suspended as a precaution while security teams investigated, a spokesperson added.
Visitors to www.royalnavy.mod.uk today were greeted by a message reading: “Unfortunately, the Royal Navy website is currently undergoing essential maintenance. Please visit again soon.”
TinKode received praise on his blog for his efforts, with one post reading: “TinKode doesn’t need sophisticated weapons to disarm an army. He just need a PC.”
Another, going by the name Sirarcane, said: “Nice dude, really nice. Good job.”
The news comes not long after the UK Government ranked cyber defence as one of the most important areas of national security, placing it alongside international terrorism and military crises.
Jason Hart, senior vice president in Europe for two-factor authenticaton provider CRYPTOCard, said the hack had wider implications for the security sphere.
"The fact that a high profile military website can be targeted shows the underlining issues facing organisations and the threat of cyber crime," Hart told IT PRO.
"Fundamentally this shows that the basic forms of attack can still be executed successfully on very secure sites through the simple tools to obtain the username and password."
Graham Cluley, senior technology consultant for Sophos, labelled the hack “embarrassing.”
“If someone with more malice in mind had hacked the site they could have used it to post malicious links on the Navy's JackSpeak blog, or embedded a Trojan horse into the site's main page,” Cluley said in a blog.
“It is to be hoped that the extent of this attack will be egg on the face of the Ministry of Defence, rather than a more significant assault on a website presenting the public face of an important part of the armed forces.”
This article originally appeared at itpro.co.uk
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.