Hacker duo says they hack for sake of national security
Computerworld -
A pair of hackers who have been penetrating U.S. government computer systems across the country said they're trying to call attention to vulnerabilities in national security.
But analysts said they're probably nothing more than publicity seekers.
On April 24, the hackers, who call themselves the Deceptive Duo, said they "started their mission" of breaking into both government and private-sector computer systems. In an e-mail interview with Computerworld, they said their purpose was "to expose the lack of security within our government and other critical cyber components."
They said they have hacked into classified and nonclassified systems, including those operated by the Office of the Secretary of Defense, the Space and Naval Warfare Systems Command, the Defense Logistics Agency, Sandia National Laboratories, the NASA Jet Propulsion Laboratory, Midwest Express Airlines and a number of banks.
"We had access to data and Web servers which included things such as pictures from Operation Restore Hope [expanded peacekeeping operations in Somalia in the early 1990s] to the personal details of Department of Defense employees," they said.
The hackers said they have breached the systems in two ways. One involved using Microsoft SQL servers, which they said have a default password to log in. Some system administrators didn't change the default password when their databases were implemented and their systems went live, the duo said. They also got in through a NetBIOS brute force attack, a method in which hackers repeatedly try to guess passwords to gain entry into a system that could exploit the NetBIOS protocol and allow access to sensitive data.
"Once information was acquired, we targeted an appropriate Web site to post the screenshots at. For instance, we posted the Defense Logistics Agency database on a Web site of the Office of the Secretary of Defense," the hackers said in their e-mail.
Richard Williamson, a spokesman for the Space and Naval Warfare Systems Command, acknowledged that hackers had gained access to the system through SQL because the agency had failed to change the default password and administrator's user ID.
"We're embarrassed. We didn't change it. We made a mistake," he said.
Williamson said the pair didn't get access to any classified information. "It was information any taxpayer is entitled to," he said.
The hackers, who wouldn't reveal their ages, said they believe that breaking into computer systems is the only way to get system administrators to take action to improve security.
"We must take drastic means for them to take this seriously," they said. "When notifying a system administrator, the situation often
Security
Additional Resources



White Papers & Webcasts
The State of PCI DSS Compliance at Organizations Today
Download this resource today!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
