1. Computing

Misconfigured Pentagon servers could have been exploited for cyberattack

By

vulnerable pentagon servers the united states department of defense
A cybersecurity researcher has discovered a number of misconfigured servers belonging to the Department of Defense that could have left internal networks vulnerable to outsider access and attack.

According to Dan Tentler of Phobos Group, these vulnerable servers could have been used, in theory, to carry out cyberattacks to make them look like they were perpetrated by United States actors. No classified information could be accessed through these vulnerabilities however.

“There were hosts that were discovered that had serious technical misconfiguration problems that could be easily abused by an attacker inside or outside of the country, who could want to implicate the U.S. as culprits in hacking attacks if they so desire,” Tentler told ZDNet.

Last year the Department of Defense launched its first bug bounty program. It allows accredited white hat hackers to test various (but not all) of the Pentagon’s public facing networks for bugs. Hackers are limited to the department’s services on the defense.gov and .mil domains. The servers that Tentler discovered were within these domains.

Tentler said it was “very likely” that these servers have been exploited already. The Pentagon was allegedly made aware of the misconfigured servers eight months ago but has yet to patch the flaws. Tentler reported the bugs to HackerOne, which operates bug bounty programs, but given the rules of the program, he is limited in what he can disclose publicly.

Tentler himself is critical of the cybersecurity preparedness of the Pentagon, and the government in general. “The Pentagon has created a circumstance where the good guys can’t find the problems because we’re not allowed to scan, or go out of scope, or find things on our own,” he said, while bad actors can tinker away at these systems with little or no regard.

Much has been made about how the Trump administration will handle cybersecurity. Tentler added that leaked plans to carry cyber reviews on federal systems every 60 days “demonstrates a complete lack of understanding what the existing problems are.”

Editors' Recommendations

Everything you need to know about Red Dead Online

red dead redemption 2 companion app leaks

The best Sega Genesis games of all time

sega genesis games available on amazon fire tv classics

The best PS Now games for 2021

best ps now games featured

What is packet loss, and how do you fix it?

resetplug wifi router

How to see your mail before it arrives

best labor day smart home deals 2020 ring video doorbell gen 2 and mail person 1200x9999

These are the best cheap printer deals for February 2021

best printer deals - Canon Pixma TS3122

Save $260 on this Surface Pro 7 at Best Buy today

microsoft surface go 2 laptop 3 pro 7 deals best buy summer sale 2020 720x720

Intel Xe graphics: Everything you need to know about Intel’s dedicated GPUs

intel xe graphics everything you need to know inel

Hurry! Save big on Microsoft Office 365 with this deal from HP

microsoft office 365 deal hp january 2021 personal

Quick fixes for Surface Pro 7 common problems

Microsoft Surface Pro 7 windows 10

AMD Radeon RX 5700 XT vs. RX 5700

AMD Radeon RX 5700 and 5700 XT review

Should you overclock your CPU?

digital storm bolt ii cpu fans

Should you turn your computer off at night? We asked an expert

Dell XPS 8930 Review