Hacker forces Royal Navy to suspend website

Filed Under: Data loss, Malware, Vulnerability

A hacker claims to have broken into the main website run by the British Royal Navy, www.royalnavy.mod.uk, revealing usernames and passwords of administrators.

The hacker, who calls himself TinKode and is believed to hail from Romania, posted information on the web about the compromise and the sensitive passwords he was able to uncover.

How embarrassing.

Royal Navy website

At the time of writing the Royal Navy has replaced its entire website with a static image which simply says:

Unfortunately the Royal Navy website is currently undergoing essential maintenance. Please visit again soon

Source code of Royal Navy website

In the past TinKode has revealed security holes in NASA's website, and published information about SQL injection vulnerabilities in sites belonging to the US Army.

TinKode's attack is particularly embarrassing for the British Ministry of Defence, as just last month protecting against cyber attacks was declared in the National Security Strategy to be a "highest priority for UK national security" alongside international terrorism, international military crises and major accidents/natural hazards.

We can all be thankful that Tinkode's activities appear to be have been more mischievous than dangerous. If someone with more malice in mind had hacked the site they could have used it to post malicious links on the Navy's JackSpeak blog, or embedded a Trojan horse into the site's main page.

Hopefully efforts are in place now to secure any vulnerabilities and reduce the chances of such a serious security breach happening again in future. It is to be hoped that the ultimate impact of this attack will be egg on the face of the Ministry of Defence (and better security practices in future), rather than a more significant assault on a website presenting the public face of an important part of the armed forces.

, , , ,

You might like

8 Responses to Hacker forces Royal Navy to suspend website

  1. Webmaster · 1796 days ago

    OMG, is that supposed to be html 5? So many errors in so little html...

    • wily · 1796 days ago

      I guess it was thrown together pretty fast...

    • Kevin G · 1347 days ago

      is <centre> a valid tag? I mean, of course not, but has it ever been? I thought it was <center>...

  2. CBA · 1796 days ago

    How much fail can you cram into 3 lines of html!

  3. gilan · 1795 days ago

    That's not the actual HTML of the site. See source at http://royalnavy.mod.uk/

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    <html xmlns="http://www.w3.org/1999/xhtml&quot; xml:lang="en" lang="en">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>Royal Navy</title>


    <div><img src="navysitedown.gif" alt="A screenshot of the Royal Navy homepage" title="Royal Navy site down for essential maintenance"/></div>


  4. peter · 1782 days ago

    Tinkode is a noob script kiddie, he hasn't hacked anything, other person did it, but that person doesn't damage anything, then tinkode (who knows this other person) got the info and claimed to be the one who hacked them, he did the same on several other websites, taking "credit" for other people findings.

  5. happy sailor · 848 days ago

    The ship you show is the HMS Belfast museum ship, originally a Royal Navy light cruiser, not been service since 1978

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley