The Royal Navy’s website has been taken offline following a cyber attack in which user information and passwords were exposed online.
A hacker, reported to be based in Romania, is believed to have gained access to the website on Friday by using a SQL injection attack, in which malicious code is inserted and executed in the database layer of an application.
Interesting Links
OECD hacked for economic data Economic co-operation body says security compromised by infected USB drive Inside the swarm SQL injections are relatively simple attack but combined with botnets they have become a critical threat to information security
The hacker, known as TinKode, then posted a link via micro-blogging site Twitter to a web page hosting a text file containing the names and passwords of the Royal Navy website’s users.
At the time of writing, the Royal Navy’s website was still unavailable, displaying the message: "Unfortunately the Royal Navy website is undergoing essential maintenance. Please visit again soon."
The Royal Navy says that no classified information was exposed during the attack. "Security teams are investigating," it said in a statement. "Access to this website did not give the hacker access to any classified information."
TinKode is said to have a history of breaching the security of high-profile web sites and organisations, including NASA, YouTube and various US military agencies.
