A hacker claims to have broken into the main website run by the British Royal Navy, www.royalnavy.mod.uk, revealing usernames and passwords of administrators.
The hacker, who calls himself TinKode and is believed to hail from Romania, posted information on the web about the compromise and the sensitive passwords he was able to uncover.
How embarrassing.
At the time of writing the Royal Navy has replaced its entire website with a static image which simply says:
Unfortunately the Royal Navy website is currently undergoing essential maintenance. Please visit again soon
In the past TinKode has revealed security holes in NASA's website, and published information about SQL injection vulnerabilities in sites belonging to the US Army.
TinKode's attack is particularly embarrassing for the British Ministry of Defence, as just last month protecting against cyber attacks was declared in the National Security Strategy to be a "highest priority for UK national security" alongside international terrorism, international military crises and major accidents/natural hazards.
We can all be thankful that Tinkode's activities appear to be have been more mischievous than dangerous. If someone with more malice in mind had hacked the site they could have used it to post malicious links on the Navy's JackSpeak blog, or embedded a Trojan horse into the site's main page.
Hopefully efforts are in place now to secure any vulnerabilities and reduce the chances of such a serious security breach happening again in future. It is to be hoped that the ultimate impact of this attack will be egg on the face of the Ministry of Defence (and better security practices in future), rather than a more significant assault on a website presenting the public face of an important part of the armed forces.
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
OMG, is that supposed to be html 5? So many errors in so little html...
I guess it was thrown together pretty fast...
is <centre> a valid tag? I mean, of course not, but has it ever been? I thought it was <center>...
How much fail can you cram into 3 lines of html!
That's not the actual HTML of the site. See source at http://royalnavy.mod.uk/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Royal Navy</title>
</head>
<body>
<div><img src="navysitedown.gif" alt="A screenshot of the Royal Navy homepage" title="Royal Navy site down for essential maintenance"/></div>
</body>
</html>
I suspect they may have updated it since my screen capture of the source html. :) Good for them.
Tinkode is a noob script kiddie, he hasn't hacked anything, other person did it, but that person doesn't damage anything, then tinkode (who knows this other person) got the info and claimed to be the one who hacked them, he did the same on several other websites, taking "credit" for other people findings.