An Anti-US hacking group known as “m0sted” has apparently hacked into at least two sensitive Army servers, InformationWeek claims, citing “exclusive” information. The breaches are being investigated by the US Army, although they have not been publicly disclosed.
The two servers known to be hacked were one at the McAlester Ammunition Plant in McAlester, Okla. on January 26, and another U.S. Army Corps of Engineers’ Transatlantic Center in Winchester, Va which occurred on September 19, 2007.
In the earlier case, the divisions webpage was hacked redirecting to the group’s own site. That site hosts anti-US and anti-Israeli messages. It is not known whether the group was able to access or download any sensitive data.
Both hacking attempts took advantage of SQL injection vulnerabilities in Microsoft’s server software. Even though the Defense Department has put in place tools to prevent such attacks, the hackers have apparently found a way to bypass those measures.
As part of the investigation, search warrants against Google, Microsoft, and Yahoo have been executed in an effort to reveal the hacker’s identities. The Defense Department is not commenting on the report.