Recent sources close to the US government have admitted that army web servers have been the victim of attack by a group of ‘elite’ computer hackers known as M0sted.  This group, it claims, were able to use a remote injection exploit to gain access to a number of web servers belonging to the US Army Corps of Engineers.

Reportedly, other than setting up a number of redirects to their own homepage, it is not clear as to how far the attacks actually went and whether or not they actually managed to steal any sensitive records or classified information, but the fact that these hackers seem to have managed to exploit remote injection vulnerabilities to gain access to these servers is perhaps evidence that the US Army’s computer network is still the equivalent of Swiss cheese.

This particular attack was executed by a group of Turkish hackers, who may very well be operating for Al Qaeda.  The aim of this attack seemed to be website defacement, but it is unclear as to whether the group actually progressed beyond that to to access sensitive computer systems.

In this example, these attacks were not the cause of a glitch in hardware or software, but more likely than not the result of human error. Specifically, it would seem that the army was the victim of remote SQL-injection hack that gave these hackers the ability to insert anything of their choosing into the database of the server, which is the result of nothing other than bad coding.

The US army should be leading the fight against cybercrime, not becoming victim to it, instead, they operate under the impression their systems are “secure”.  In today’s age of targeted cyber attacks, this is literally the equivalent of putting your head in the sand.