The U.S. Department of Defense could be at huge risk of being
attacked by hackers very easily, a security researcher warns.
According to ZDNet, which cites Dan
Tentler, the founder of cybersecurity firm Phobos Group, several
misconfigured servers run by the Department of Defense could allow attackers
easy access to internal government systems. Foreign actors are eager
to find a way into U.S. systems, especially since they
can easily make it look as if the attacks come from within the United States.
Tentler said that he is probably not
the first to find these flaws, since they are particularly easy to discover.
He added that they are probably already being exploited.
“There were hosts which were discovered having serious technical
misconfiguration problems that can be easily abused by an attacker outside or
inside of the country; they could implicate the US as culprits in hacking
attacks if they desire so,” Tentler told ZDNet.
They informed the
Pentagon of the problem eight months ago, but no security fix has yet
been deployed to correct those servers. This indicates gross negligence. This
is mostly because the vulnerable servers were not within the scope of the bug
bounty program run by the Pentagon, which started about a year ago.
The Pentagon has been running a
bug bounty program for the past year, allowing white hats to find and report
bugs and flaws in the system in exchange for money, something that tech companies
have been doing for years. The extent of what they can test for flaws is
limited, however, since only defense.gov and .mil are open to the program.