The Web site of the U.S. military’s Communications-Electronics Command (CECOM) was offline on Monday after reports that access to the site was among those being fenced by hackers in an underground forum.
The CECOM home page, cecom.army.mil, displayed a message saying the site was “temporarily unavailable,” an apparent response to the revelation on Friday that credentials offering full administrative control to the site could be had for $499 online. The CECOM site was one of a list of U.S. and foreign military, government, and educational sites being fenced in underground forums, according to a report from Krebsonsecurity.com.
CECOM coordinated information technology systems used to support the military’s Joint Warfighter program. The list of sites includes Web sites for the states of Michigan and Utah (michigan.gov and utah.gov), as well as the site for the South Carolina National Guard and Italian government Web sites, according to a screenshot posted by Krebsonsecurity.
Rob Rachwald at Imperva said that the company’s Israel-based security team first discovered the list in a hacker forum where access was being offered for sale. The list offers varying levels of access to the sites on a sliding scale from $55 to $499. Other screenshots appear to be aimed at providing proof that the hacker has administrative access to data.
A discussion on a hacking forum with one of the hackers behind this site suggests that automated SQL injection attacks on the servers were used to gain access.
While the compromised databases may not hold highly sensitive data, attackers could use the reputable sites to host malicious content or, potentially, for targeted attacks against military personnel, Rachwald said.
Attacks on education and public sector Web sites have increased, as more private sector firms have cracked down on security to meet mandates like the Payment Card Industry Data Security Standards, Rachwald said. A recent report from Web security firm zScaler listed prominent government and education Web sites that were serving up malicious code.