Sensitive information of more than 16,000 US Army personnel stationed in South Korea, plus data on local employees and job applicants, appears to have been compromised after databases loaded with names, identification numbers and addresses were accessed by unauthorised and unknown parties. Specific details of how the 28 May raid …
"...banking details and classified data was not compromised."
Maybe they should have stored the other data to the same level of security/isolation? Maybe that would be too inconvenient?
There must be a way of allowing a civilian/admin worker to generate an enquiry about my job application and print out an envelope addressed to me without allowing them to do a data dump of everybody else on the system.
Lots of things get misplaced
In the military lots of things get misplaced, weapons, personnel, ships, aircraft.
It will just be a simple admin error, the 16,000 personnel are still there. Probably some desk bound senior rank that pressed the wrong button thinking he could start WW3 before he retired.
Sounds like a single machine was compromised
Which to me at least, suggests local access or compromise issues that could well return.
Send in Reacher.
Reach for the sender.
Send for the retch
Having seen first hand some of the network infrastructure over there, I am not surprised this has happened. I am actually curious as to how many times it probably has happened before and never noticed!
I did some really dumb things in my past, quite a few of them in South Korea while serving in the US Army. One of them, was being a script kiddie¹. I got busted by the National Police Agency of S. Korea. Even after this, the US Army was foolish in allowing me local access to protected computer systems. To make it even more interesting, I also was able to obtain employment stateside at Citibank in their Fraud Early Warning department. They trusted me with quite a lot of information and access, knowing what had happened in S. Korea, and locally².
1) http://www.theregister.co.uk/2001/05/08/us_airman_charged_in_korean/ (That was me)
2) http://www.justice.gov/usao/pae/News/2007/jul/baer.html (Me again...)
As long as folks let dummies like I used to be slip into their network, problems like this will continue.
Re: No Surprise
I this the better question is how many of us haven't worn a hat that is other than white. My youth was spent as one of the few technologically savvy fellows in my city during the 80s and 90s. There were hijinks.
But you grow up. You realize that while blackhatting may be fun, exhilarating and a boost to the ego, it's also a very real risk. As you get older you get a wife, possibly kids, pets, a mortgage; there are people that depend on you and they could be in a bad way if you were to end up in jail.
I think that's natural. I think that pure white hats are exceptionally rare...but that most companies (and even governments) don't require them. The lighter shade of grey is just fine, even if the only "black" in your hat is tacitly ignoring the "dark deeds" done by your contacts (and friends) amongst the information systems penetration community.
Those who never had the bug, who never had the curiosity to know how things work...they'll never understand. It is the curiosity which drives; "how is that designed" and "can I get around it?" It can make one into a notorious hacker, or a brilliant engineer.
The difference between one and the other is having learned enough life lessons to channel the curiosity into something beneficial...most of the time, at least.
Business as usual
This has happened before, it will happen again. The US Army is infatuated with being connected with the internet, but sadly uses some of the worst security software, Don't get me started on the protocols they have in place, you'd just laugh.
Army loses 16,000 personnel records in Korea?
We're OK as long as they can find Tuttle.
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Boffins say they've got Lithium batteries the wrong way around
- Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
- In a spin: Samsung accuses LG exec of washing machine SABOTAGE
- Game Theory Half a BILLION in the making: Bungie's Destiny reviewed