Report Claims US Military Vulnerable To Cyber Hacks
Despite the fact that individuals and firms are becoming more cyber security savvy, it is astonishing to think that the technology designed to protect and deter hostile aggression could be ‘easily hacked’ using ‘basic tools.’
The report, carried out by Government Accountability Office (GAO), found severe cyber-vulnerabilities in nearly all US weapon systems between 2012 and 2017.
The report found that the Pentagon failed to change their default passwords on a range of their weapons. When passwords were changed, one was able to be guessed in as little as nine seconds.
Whilst the GAO test teams looked for vulnerabilities by hacking the system, some were able to change or delete systems data on major weapons systems. In some cases, over 100 gigabytes of information was stolen through the hacks.
The report concluded that GAO were able to easily gain control of at least one weapons system. The team were able to observe the operators responding to the hack in real time. Others found that it took less than an hour to gain access to the weapon information and less than a day to fully control the weapon.
Although the Pentagon has viewed the report as unrealistic and believe their systems to be secure, the threat of cyber criminality to all facets of society becomes clear.
Ken Munro, Security Expert at firm Pen Test Partners, said: “It is not at all surprising. It takes a long time to develop a weapons system, often based on iterations of much older systems. As a result, the components and software can be based on very old, vulnerable code.
“Developers often overlook ‘hardening’ the security of systems after they’ve got them operating, with the philosophy, ‘it’s working, so don’t mess with it.’
“However, that’s no excuse. This report shows some very basic security flaws that could easily have been addressed by changing passwords and keeping software up-to-date.”
Worryingly, when this vulnerability spread to the F-35 fighter jets and their destructive missile systems, the oversight and threat is extremely serious. If the US military applications and weapons can be so easily hacked, it is even more imperative to ensure the online security of your law firm.
Is your law firm protected from cyber fraud? Are you concerned by these reports? Do you ensure that simple fraud prevention like passwords are considered?