Skip to main content
  1. Home
  2. Computing
  3. News

Misconfigured Pentagon servers could have been exploited for cyberattack

By

vulnerable pentagon servers the united states department of defense
A cybersecurity researcher has discovered a number of misconfigured servers belonging to the Department of Defense that could have left internal networks vulnerable to outsider access and attack.

According to Dan Tentler of Phobos Group, these vulnerable servers could have been used, in theory, to carry out cyberattacks to make them look like they were perpetrated by United States actors. No classified information could be accessed through these vulnerabilities however.

“There were hosts that were discovered that had serious technical misconfiguration problems that could be easily abused by an attacker inside or outside of the country, who could want to implicate the U.S. as culprits in hacking attacks if they so desire,” Tentler told ZDNet.

Last year the Department of Defense launched its first bug bounty program. It allows accredited white hat hackers to test various (but not all) of the Pentagon’s public facing networks for bugs. Hackers are limited to the department’s services on the defense.gov and .mil domains. The servers that Tentler discovered were within these domains.

Tentler said it was “very likely” that these servers have been exploited already. The Pentagon was allegedly made aware of the misconfigured servers eight months ago but has yet to patch the flaws. Tentler reported the bugs to HackerOne, which operates bug bounty programs, but given the rules of the program, he is limited in what he can disclose publicly.

Tentler himself is critical of the cybersecurity preparedness of the Pentagon, and the government in general. “The Pentagon has created a circumstance where the good guys can’t find the problems because we’re not allowed to scan, or go out of scope, or find things on our own,” he said, while bad actors can tinker away at these systems with little or no regard.

Much has been made about how the Trump administration will handle cybersecurity. Tentler added that leaked plans to carry cyber reviews on federal systems every 60 days “demonstrates a complete lack of understanding what the existing problems are.”

Editors' Recommendations

The last Nvidia GPUs have been cracked by crypto miners

A programmer preparing a crypto currency mining rig

Destructive hacking group REvil could be back from the dead

Person typing on a computer keyboard.

Researchers say your GPU could expose private info online

The new Nvidia GeForce MX570 chip.

Water could have been on Mars more recently than we thought

NASA’s Mars Reconnaissance Orbiter used its Context Camera to capture this image of Bosporos Planum, a location on Mars. The white specks are salt deposits found within a dry channel. The largest impact crater in the scene is nearly 1 mile (1.5 kilometers) across.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Women inherit the Earth in new Jurassic World Dominion video

The women of Jurassic World Dominion.

The most exciting monitors still coming in 2022

LG UltraGear monitor over a futuristic background.

Star Wars Jedi: Survivor comes to current consoles in 2023

Cal Kestis stares at a person in a tank in Star Wars Jedi: Survivor.

The sordid history of 5GE, or when 5G isn’t 5G at all

Hold holding three phones from three different carriers.

Obi-Wan Kenobi review: A superior Star Wars tale

Ewan McGregor as Obi-Wan Kenobi in the 2022 Disney+ series.

HDMI ARC and eARC: The one-cable solution for TV audio, fully explained

Panasonic TC P55vt60 review HDMI ports

Roku tips and tricks

tips and tricks for optimizing your roku version 1360389615 premiere plus

My phone still has a PopSocket, and this is why I love it

Two iPhone 12s leaning on one another with matching Pokemon PopSockets.