A hacker claims to have broken into the main website run by the British Royal Navy, www.royalnavy.mod.uk, revealing usernames and passwords of administrators.
The hacker, who calls himself TinKode and is believed to hail from Romania, posted information on the web about the compromise and the sensitive passwords he was able to uncover.
At the time of writing the Royal Navy has replaced its entire website with a static image which simply says:
Unfortunately the Royal Navy website is currently undergoing essential maintenance. Please visit again soon
In the past TinKode has revealed security holes in NASA’s website, and published information about SQL injection vulnerabilities in sites belonging to the US Army.
TinKode’s attack is particularly embarrassing for the British Ministry of Defence, as just last month protecting against cyber attacks was declared in the National Security Strategy to be a “highest priority for UK national security” alongside international terrorism, international military crises and major accidents/natural hazards.
We can all be thankful that Tinkode’s activities appear to be have been more mischievous than dangerous. If someone with more malice in mind had hacked the site they could have used it to post malicious links on the Navy’s JackSpeak blog, or embedded a Trojan horse into the site’s main page.
Hopefully efforts are in place now to secure any vulnerabilities and reduce the chances of such a serious security breach happening again in future. It is to be hoped that the ultimate impact of this attack will be egg on the face of the Ministry of Defence (and better security practices in future), rather than a more significant assault on a website presenting the public face of an important part of the armed forces.