
Military and Government E-mails Compromised

Posted by Soulskill
from the neverending-story dept.
Dangerous_Minds writes "ZeroPaid is reporting that 16,959 e-mail accounts were recently exposed by Connexion Hack Team. Included in the data dump are usernames and passwords for military and government accounts. The other compromised accounts included addresses from GMail, Yahoo, MSN, and AOL." Reader Stoobalou adds a report that NATO's servers have been hit for the second time in as many months.

  • by Lead Butthead (321013) on Tuesday July 05, 2011 @06:44PM (#36666688) Journal

    Shortly after the release of War Games in 1983, there was a rash of hacking incidents "inspired" by the movie. Events of late seem to be a repeat of that, aggravated by the (still) piss poor security policies. How some things changed but others persist over the decades.

  • Air Gap? (Score:3, Interesting)

    by Gothmolly (148874) on Tuesday July 05, 2011 @06:50PM (#36666722)

    Has nobody in government security ever heard of an air gap? WHY would you ever attach military gear to the public Internet?

    • according to some of his defenders, a lot of the stuff he got was 'commonly downloaded' by people on the base, especially the Collateral Murder video.

      if you search youtube for video of afghan/iraq air strikes, i'd say that seems about right.

      now if there is a bradley manning, who was doing it to blow whistles, there are probably some people who are doing it for profit, selling info to others.

      why they aren't up on charges like him? sometimes the military wants to flip them to become triple agents. sometimes it

      • by blueg3 (192743)

        That data is on SIPRNET, which is separated from the regular Internet. After 9/11 the government tried to adopt a culture of information-sharing between organizations, which led to a lot of data being easily accessible if you had the right access. The infamous Wikileaked data is available because Manning transferred it from SIPRNET to the Internet by means of a writable CD masquerading as a mix tape.

        • if you have millions of people with security clearances,

          including people who are having serious psychological or emotional problems, which were known to the commanders at the time they sent him on duty.

          • by blueg3 (192743)

            Access to data traditionally needs need-to-know in addition to clearance, though that was relaxed somewhat with post-9/11 information sharing. But in general, it's a hard problem. Lots of military and contractors need access to some kind of security-sensitive data.

    • by blueg3 (192743)

      In this case, so you can send e-mail to people on the Internet (and the reverse).

    • Uh... the military uses the internet. The real internet. someone@navy.mil is not some secret account, those are air gapped for obvious reasons.

      You're seeing someone's NIPR email that they used to sign up for some unknown website, and nothing more.

    • by Xest (935314)

      Laziness.

      Rather than set up some external networking to a different site so that e-mails can be exchanged between them it's much easier to just go plug into that pre-existing wall socket over there in the corner and tunnel via the public internet where all the infrastructure is already in place for you. I mean, no one would think to try and attack your connection right? I mean, how would they even find it amongst all those other IPs on the net!

      That's really the mindset you're dealing with.

  • ... how people can believe in the existence of a government that conspires to slowly erode our freedoms, but also maintains such poor security on their information.

    Oh wait, never mind, I just got it. This is clearly a ruse they orchestrated to make the truth seem implausible. Very sorry, continue with normal business.

  • by TWX (665546) on Tuesday July 05, 2011 @07:17PM (#36666922)

    I wish that everyone would just stop storing passwords as they're typed and instead only store the comparative hash. It wouldn't matter, nearly so much, if they were obtained that way, so long as the algorithm to turn the password into the hash can't also turn the hash into the password.

    Yeah, I know, it might break some interoperability, but I'm getting sick and tired of hearing about this crap. Unfortunately the only way this will change is if it becomes in the interest of the requisite parties for it to, like if they can't obtain insurance anymore because no insurer will want to extend liability insurance to a company whose IT structure is so poor that it's likely that a payout might be necessary.

  • Morons (Score:3, Insightful)

    by chill (34294) on Tuesday July 05, 2011 @08:07PM (#36667242) Journal

    No, not the people who had their e-mail and passwords hacked, just most of the commenters here on Slashdot. Really, after all this time I should no longer be surprised.

    Heads up, folks! The vast bulk of these e-mail addresses are from @yahoo.com, @gmail.com and the like.

    These are PERSONAL e-mail addresses of possibly U.S. government personnel. They are prefaced with a couple dozen .gov and .mil addresses, but the rest are anybody's guess.

    • Exactly. It's likely they came from some sort of government employee program, like free viagra for postal workers or something... anything, I don't know. It's highly unlikely the organization (NSA) that has paper after paper detailing the need to hash passwords using a random salt to prevent rainbow attacks went ahead and stored their accounts in clear-text [*@nsa.ic.gov].

      This is yet another Bobby Tables [xkcd.com] script attack against yet another site failing to use prepared statements and sanitation as suggested
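
Added example (not part of the thread, and not any poster's code): a minimal account store that combines the two measures raised in the comments above, keeping only a per-user salted one-way hash instead of the typed password, and passing user input through prepared-statement placeholders. The table layout, function names, sample accounts and the PBKDF2 iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this sketch

def derive(password, salt):
    """One-way derivation: the stored value cannot be turned back into the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register(db, email, password):
    salt = os.urandom(16)  # fresh random salt per account defeats precomputed tables
    # Placeholders keep user input out of the SQL text entirely.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, derive(password, salt)))

def verify(db, email, password):
    # The e-mail is bound as data, so quote characters in it cannot alter the query.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, derive(password, salt))

def dump(db):
    # What someone holding a copy of the table would see.
    return db.execute("SELECT email, salt, pw_hash FROM users ORDER BY email").fetchall()

def demo():
    db = open_store()
    # Constructed sample accounts; both deliberately share one password.
    register(db, "alice@example.com", "Summer2011!")
    register(db, "bob@example.org", "Summer2011!")
    rows = dump(db)
    return {
        "good_login": verify(db, "alice@example.com", "Summer2011!"),
        "bad_login": verify(db, "alice@example.com", "summer2011!"),
        "injection_login": verify(db, "' OR '1'='1", "x"),
        "same_hash": rows[0][2] == rows[1][2],
        "plaintext_in_dump": any(b"Summer2011!" in r[1] + r[2] for r in rows),
    }

if __name__ == "__main__":
    print(demo())
```

A copy of this table contains no typed passwords, and two accounts with the same password do not share a stored value, so a leaked list of this kind would not directly yield reusable e-mail and password pairs.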

    • You're making a huge assumption that this is from a military server (hint: these user/passwords didn't come from that NATO server). Just because you see a few .gov and .mil email addresses means nothing. Some people sign up for websites using their military email addresses, just like some people do the same from a corporate email.

      I love how they preface the .mil addresses as important people. More likely some random PFC.

      • by wiley001 (1549705)

        And a majority of these emails will probably belong to clerical type people without a clearance. Just because a .mil or .gov address is compromised doesn't mean data's been compromised.

  • by jmkaza (173878) on Tuesday July 05, 2011 @09:48PM (#36667928)

    These aren't email addresses with passwords to those accounts, they're the email address and password someone used to sign up for some random, unknown website. Without knowing what website, most of these combos are worthless. It might have been a hack of the server, but chances are it's just some DB (and not DataBase) admin who published his user list. If you're using the same email address to register for websites, make sure you don't use your password for that email address when you register.

    • In an ideal world, users use different passwords for different websites. In reality, however, these passwords are equivalent to the passwords for their accounts.

      • by Anonymous Coward

        Yes, that's true. But that's more for someone to remember. And perhaps for most people, remembering a string of characters isn't so simple. So even if the password is simple, will someone really want to remember a bunch of different, yet simple, passwords for a multitude of websites?

        Okay, now, what about disposable e-mail addresses? Those disposable e-mail addresses don't have a password attached to them. So, one path to follow might be this...
        1. Create a Hotmail account (most people probably have this chec

    • I would suppose it matters even less because .mil should all be CAC enabled now. Good luck to the "hackers" getting in to the account without a CAC and the PIN.

  • Why would any military allow the use of such things for communications? Is it not protocol to have secure lines of comm. no matter what the means or reason for it?
    You never know who is listening, so you have to ensure your line is safe....you can't do that with a company the likes of google that say all your emails belong to them because you use their services....
    come on...common sense 101 here...

    • Members of the military do need to transact business with the outside world. Sign up for websites, order a book from Amazon, whatever. As long as the public e-mails aren't used for classified information, what, precisely, is the problem?

        • Maybe having someone know that you are a 5 star general, and just ordered your inflatable doll from your internet line that had a man in the middle listening, could create a very specific situation, where they could approach that general with this info for blackmailing purposes, or maybe if this same general has a mistress, and someone got wind of it, because he was using unsecured lines, again would lead to a situation where they could possibly use that "normal info" to abnormal means of getting results...

        F

  • So, in the file, it states "We want everyone to know that we mean business here." So, my question is "What business are they in?"
