
Misconfigured Pentagon servers could have been exploited for cyberattack

Why it matters to you

A researcher’s discovery of buggy servers at the Pentagon shows the government still has a lot of work to do on cybersecurity.

A cybersecurity researcher has discovered a number of misconfigured servers belonging to the Department of Defense that could have left internal networks vulnerable to outsider access and attack.

According to Dan Tentler of Phobos Group, these vulnerable servers could have been used, in theory, to carry out cyberattacks made to look as though they were perpetrated by United States actors. No classified information could be accessed through these vulnerabilities, however.

“There were hosts that were discovered that had serious technical misconfiguration problems that could be easily abused by an attacker inside or outside of the country, who could want to implicate the U.S. as culprits in hacking attacks if they so desire,” Tentler told ZDNet.


Last year the Department of Defense launched its first bug bounty program. It allows accredited white hat hackers to test some (but not all) of the Pentagon’s public-facing networks for bugs. Hackers are limited to the department’s services on the defense.gov and .mil domains. The servers that Tentler discovered were within these domains.

Tentler said it was “very likely” that these servers have been exploited already. The Pentagon was allegedly made aware of the misconfigured servers eight months ago but has yet to patch the flaws. Tentler reported the bugs to HackerOne, which operates bug bounty programs, but given the rules of the program, he is limited in what he can disclose publicly.

Tentler himself is critical of the cybersecurity preparedness of the Pentagon, and the government in general. “The Pentagon has created a circumstance where the good guys can’t find the problems because we’re not allowed to scan, or go out of scope, or find things on our own,” he said, while bad actors can tinker away at these systems with little or no regard.

Much has been made about how the Trump administration will handle cybersecurity. Tentler added that leaked plans to carry out cyber reviews on federal systems every 60 days “demonstrates a complete lack of understanding what the existing problems are.”
