1. Computing

Misconfigured Pentagon servers could have been exploited for cyberattack

By

vulnerable pentagon servers the united states department of defense
A cybersecurity researcher has discovered a number of misconfigured servers belonging to the Department of Defense that could have left internal networks vulnerable to outsider access and attack.

According to Dan Tentler of Phobos Group, these vulnerable servers could have been used, in theory, to carry out cyberattacks to make them look like they were perpetrated by United States actors. No classified information could be accessed through these vulnerabilities however.

“There were hosts that were discovered that had serious technical misconfiguration problems that could be easily abused by an attacker inside or outside of the country, who could want to implicate the U.S. as culprits in hacking attacks if they so desire,” Tentler told ZDNet.

Last year the Department of Defense launched its first bug bounty program. It allows accredited white hat hackers to test various (but not all) of the Pentagon’s public facing networks for bugs. Hackers are limited to the department’s services on the defense.gov and .mil domains. The servers that Tentler discovered were within these domains.

Tentler said it was “very likely” that these servers have been exploited already. The Pentagon was allegedly made aware of the misconfigured servers eight months ago but has yet to patch the flaws. Tentler reported the bugs to HackerOne, which operates bug bounty programs, but given the rules of the program, he is limited in what he can disclose publicly.

Tentler himself is critical of the cybersecurity preparedness of the Pentagon, and the government in general. “The Pentagon has created a circumstance where the good guys can’t find the problems because we’re not allowed to scan, or go out of scope, or find things on our own,” he said, while bad actors can tinker away at these systems with little or no regard.

Much has been made about how the Trump administration will handle cybersecurity. Tentler added that leaked plans to carry cyber reviews on federal systems every 60 days “demonstrates a complete lack of understanding what the existing problems are.”

Editors' Recommendations

Major security vulnerability could leave critical infrastructure defenseless

Power Lines

Attacks from Chinese hacking group have spiked, U.S. firm says

hacks header

WhatsApp fixes bug that could have allowed hackers to read your desktop files

Whatsapp-encryption-header 2

TikTok vulnerability could have allowed hackers to take over users’ profiles

TikTok phone hero image

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

The best Nintendo Switch shooter games

best new video games Splatoon 2

8 spooky Halloween games for people who don’t like horror

Luigi screams in terror in Luigi's Mansion 3.

‘Like diamonds in the sky’: NASA’s Lucy mission launches to study asteroids

A United Launch Alliance Atlas V rocket with the Lucy spacecraft aboard is seen in this 2 minute and 30 second exposure photograph as it launches from Space Launch Complex 41, Saturday, Oct. 16, 2021, at Cape Canaveral Space Force Station in Florida. Lucy will be the first spacecraft to study Jupiter's Trojan Asteroids. Like the mission's namesake – the fossilized human ancestor, "Lucy," whose skeleton provided unique insight into humanity's evolution – Lucy will revolutionize our knowledge of planetary origins and the formation of the solar system.

Are smartwatches and fitness trackers making us more anxious?

Apple Watch 6 fitness monitor.

Errant thruster firing causes scare on International Space Station

International Space Station

Perseverance rover captures stunning panoramic image of Mars’s South Séítah

Cropped version of a mosaic composed of 84 pictures taken by the Mastcam-Z imager aboard NASA's Perseverance rover.

Hearthstone’s standout Mercanaries mode is smothered by the main game

Heroes from Hearthstone Mercenaries stand together.

Watch a Russian film crew depart from the ISS tonight

The ten station inhabitants are gathered together in the Unity module for a meal and a portrait. In the front row (from left) are, Mark Vande Hei, Klim Shipenko, Pyotr Dubrov, and Megan McArthur. In the back row (from left) are, Akihiko Hoshide, Anton Shkaplerov, Thomas Pesquet, Yulia Peresild, Oleg Novitskiy, and Shane Kimbrough.