by Dennis Sellers, firstname.lastname@example.org
March 15, 2000, 7:00 am ET
The US Army switched to using Mac G3 Web servers running WebSTAR to host its main site, citing security concerns with Microsoft servers. But yesterday the army's servers were attacked by Brazillian hackers.
The hackers were from a group called Crime Boys. The Web sites hacked were http://www.cpma.apg.army.mil and http://www.2rotc.army.mil.
The Mac servers withstood the attack, but two Windows NT servers running Microsoft-IIS/4.0 were broken into. The hacked site has already been removed. There's also a story about the hack at http://www.securenet.com.br/cgi-bin/news?query=13030003, but it's not in English.
As we reported on Sept. 10,the http://www.army.mil Web site has undergone so many successful hacker attacks on its NT servers that it's now running on Mac OS servers, per the direction of Lt. General Campbell, the Army's CIO. Following is a Sept. 1 Army News Service release that confirms this: "Working from information provided by the U.S. Army's Criminal Investigation Command, FBI agents arrested a 19-year-old Wisconsin man Aug. 30 for malicious altering of a U.S. Army Web page.
"The agents identified the Green Bay man as the co-founder of a hacker organization known as 'Global Hell.'
"The arrest capped a two-month investigation led by Army CID agents, after an unidentified intruder gained illegal access to the Army Home Page June 28 and modified its contents. The intruder also gained access to an unclassified Army network and removed and modified computer files to prevent detection.
"Since the case is still ongoing, Christopher Unger, web site administrator for the Army Home Page, didn't want to talk about specifics of what the hacker did to the web page or what the Army is doing to protect its sites from future hackers. However, he said the Army has moved its web sites to a more secure platform. The Army had been using Windows NT and is currently using Mac OS servers running WebSTAR (they should have bought TeleFinder!) web server software for its home page Web site.
"Unger said the reason for choosing this particular server and software is that according to the World Wide Web Consortium, it is more secure than its counterparts. According to the Consortium's published reports on its findings, Macintosh does not have a command shell, and because it does not allow remote logins, it is more secure than other platforms. The report also said the Consortium has found no specific security problems in either the software or the server.
"The Consortium is a worldwide group of representatives from more than 350 organizations that provide the infrastructure for a global interoperable World Wide Web. Membership is open to any organization.
"Government networks are inviting to hackers because of their high profile," Unger said. However, the Department of Defense is laying the groundwork now for more secure Internet sites that will prevent unauthorized access to information, he said.