Exclusive: Defense Department investigators subpoena records from Google, Microsoft, and Yahoo in connection with ongoing probe.
A known computer hacking clan with anti-American leanings has successfully broken into at least two sensitive Web servers maintained by the U.S. Army, InformationWeek has learned exclusively.
Department of Defense and other investigators are currently probing the breaches, which have not been publicly disclosed.
The hackers, who collectively go by the name "m0sted" and are based in Turkey, penetrated servers at the Army's McAlester Ammunition Plant in McAlester, Okla., and at the U.S. Army Corps of Engineers' Transatlantic Center in Winchester, Va.
The breach at the McAlester munitions plant occurred on Jan. 26, according to records of the investigation obtained by InformationWeek. On that date, Web users attempting to access the plant's site were redirected to a Web page that featured a protest against climate change.
On Sept. 19, 2007, the same hackers electronically broke into Army Corps of Engineers' servers. That hack sent Web users to www.m0sted.net. The page, at the time, contained anti-American and anti-Israeli rhetoric and images, records show. It currently appears to be an Internet landing spot that features airline reservation links.
Beyond the redirects, it's not clear whether the group was able to obtain sensitive information from the Army's servers.
The hacks are the subject of an ongoing criminal investigation by Defense Department officials and members of the U.S. Army's Judge Advocate General's Office and Computer Emergency Response Team. Investigators have executed records search warrants against Microsoft, Yahoo, Google, and other Internet service and e-mail providers as part of their efforts to unmask the hackers' true identities.
Investigators believe the hackers used a technique called SQL injection to exploit a security vulnerability in Microsoft's SQL Server database to gain entry to the Web servers. "m0sted" is known to have carried out similar attacks on a number of other Web sites in the past -- including against a site maintained by Internet security company Kaspersky Lab.
The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools.
Equally troubling is the fact that the hacks appear to have originated outside the United States. Turkey is known to harbor significant elements of the al-Qaida network. It was not clear if "m0sted" has links to the terrorist group.
Defense Department officials did not immediately return calls seeking comment on the case.
InformationWeek Analytics has published an independent analysis on what executives really think about security. Download the report here (registration required).
Security Job #1 For FedsThe 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?