Skip to main content
  1. Home
  2. Computing
  3. News

Misconfigured Pentagon servers could have been exploited for cyberattack

Jonathan Keane
By

vulnerable pentagon servers the united states department of defense
A cybersecurity researcher has discovered a number of misconfigured servers belonging to the Department of Defense that could have left internal networks vulnerable to outsider access and attack.

According to Dan Tentler of Phobos Group, these vulnerable servers could have been used, in theory, to carry out cyberattacks to make them look like they were perpetrated by United States actors. No classified information could be accessed through these vulnerabilities however.

“There were hosts that were discovered that had serious technical misconfiguration problems that could be easily abused by an attacker inside or outside of the country, who could want to implicate the U.S. as culprits in hacking attacks if they so desire,” Tentler told ZDNet.

Last year the Department of Defense launched its first bug bounty program. It allows accredited white hat hackers to test various (but not all) of the Pentagon’s public facing networks for bugs. Hackers are limited to the department’s services on the defense.gov and .mil domains. The servers that Tentler discovered were within these domains.

Tentler said it was “very likely” that these servers have been exploited already. The Pentagon was allegedly made aware of the misconfigured servers eight months ago but has yet to patch the flaws. Tentler reported the bugs to HackerOne, which operates bug bounty programs, but given the rules of the program, he is limited in what he can disclose publicly.

Tentler himself is critical of the cybersecurity preparedness of the Pentagon, and the government in general. “The Pentagon has created a circumstance where the good guys can’t find the problems because we’re not allowed to scan, or go out of scope, or find things on our own,” he said, while bad actors can tinker away at these systems with little or no regard.

Much has been made about how the Trump administration will handle cybersecurity. Tentler added that leaked plans to carry cyber reviews on federal systems every 60 days “demonstrates a complete lack of understanding what the existing problems are.”

Editors' Recommendations

Topics
Hackers have found a way to hack you that you’d never expect
A depiction of a hacker breaking into a system via the use of code.
This Microsoft Teams exploit could leave your account vulnerable
A video call in Microsoft Teams is displayed on a laptop.
Chrome extensions with 1.4M users may have stolen your data
Google Chrome icon in mac dock.
This Twitter vulnerability may have revealed owners of burner accounts
Twitter app on the OnePlus 10T.
Best Cyber Monday Deals 2022: Laptops, TVs, AirPods, and more
Best Cyber Monday Deals 2022
The best Cyber Monday Chromebook deals for 2022
Best Cyber Monday Chromebook Deals
Cyber Monday Gaming PC Deals: these discounts may not last
Best Cyber Monday Gaming PC Deals
Alienware Cyber Monday deals: Gaming laptops, PCs, monitors
The Alienware Aurora R10 Ryzen Edition Gaming Desktop, placed on a desk.
The best Cyber Monday gaming laptop deals for 2022
Razer Blade 15 Advanced
The best Cyber Monday MacBook deals for 2022
Best Cyber Monday MacBook Deals
Dell Cyber Monday deals: Save on Dell XPS 13, gaming laptops
Best Cyber Monday Dell Deals
Apple Cyber Monday Deals: Apple Watch, AirPods, iPad, MacBook
Best Cyber Monday Apple Deals
This Alienware gaming laptop with an RTX 3080 just got a bit cheaper
Intel announces Intel Arc dGPU for Alienware x17 laptop.