Royal Navy website attacked by Romanian hacker

Screengrab of Royal Navy website, MoD The Royal Navy website has been suspended while security teams investigate

Related Stories

The Royal Navy's website has been hacked by a suspected Romanian hacker known as TinKode.

The hacker gained access to the website on 5 November using a common attack method known as SQL injection.

TinKode published details of the information he recovered, which included user names and passwords of the site's administrators.

A Royal Navy spokesperson confirmed the site had been compromised and said: "There has been no malicious damage."

They added that as a precaution the site has been "temporarily suspended" and that security teams were investigating how the hacker got access. They said no confidential information had been disclosed.

The Royal Navy website currently shows a static image on which is a black box bearing the text: "Unfortunately the Royal Navy website is undergoing essential maintenance. Please visit again soon."

TinKode first mentioned the attack on his Twitter stream and added a web link to a page that contained more details about what he had found.

This text file contained the names of the site's administrators and many regular users.

The attack used to get the information compromises the database used to run a site by sending malformed queries and analysing the responses this generates.

Graham Cluley, senior security analyst at Sophos, said the incident was "immensely embarrassing, particularly in the wake of the recent security review where hacking and cybercrime attacks were given the top priority.

"Now we have the Royal Navy with egg on its face."

Mr Cluley said the hacker had apparently gained access to the Navy's blog, Jackspeak, and to an area called Global Ops.

"He's obviously more of a show-off type of hacker rather than malicious," said Mr Cluley.

"But if he'd wanted to he could have inserted links which would have taken the website's readers to malicious sites."

Tinkode has apparently carried out 52 separate defacements of websites in the last 12 months, according to website ZoneH.

Targets included everything from small businesses to adult websites. He has also uncover vulnerabilities in high-profile sites such as Youtube.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • Cesc FabregasFair price?

    Have some football clubs overpaid for their new players?


  • Woman and hairdryerBlow back

    Would banning high-power appliances actually save energy?


  • Members of staff at James Stevenson Flags hold a Union Jack and Saltire flag UK minus Scotland

    Does the rest of the UK care if the Scots become independent?


  • Women doing ice bucket challengeChill factor

    How much has the Ice Bucket Challenge achieved?


  • Women in front of Windows XP posterUpgrade angst

    Readers share their experiences of replacing their operating system


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.