As seems to be the hackers' modus operandi, two database screenshots were taken and posted on two hacked Office of the Secretary of Defense (OSD) Web pages, which were quickly taken offline. The pair claimed to have almost system-wide access to OSD databases, but chose to post only the two screenshots from the DLA.
This time the information was much more damaging than the names and email addresses of Midwest Express airline passengers, with the names, ID numbers and encrypted passwords of DLA employees posted on the defaced pages.
According to Liz Moore, DLA spokesperson, a DoD joint task force computer operations team (JTF-COT) has been working on all its servers since Friday morning to repair the breach.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i "We were made aware of (the break-in) this morning and our IT folks are working on it right now," she said. "The (JTF-COT) had the servers taken down immediately are still working on it and conducting an investigation into how it happened. We'll have more information after the weekend."
Moore pointed out the DLA continuously works on ways to improve the site, security and services for its users.
Systems administrators from the DoD are working with the pair of hackers now -- communicating via e-mail and Internet relay chat (IRC) -- getting information on how the server was accessed and how to prevent it from happening again.
As to the reasons for the break-in and subsequent posting, the pair was quick to defend their loyalties and the reason for their activities.
'Honestly Out To Do Good'
"Yes, we are worried about national security, which is why we always limit ourselves to what we post," they said in an interview with InternetNews.com. "The posted databases are nothing compared to the other intelligence we have gained. We try to balance it out as much as possible without compromising our loyalty to the U.S."
"Despite what some may think (of us), we are honestly out to do good," they added.
The pair posts an email address on their defaced pages, allowing security officials to contact them to determine how the break-in occurred and how to patch the server.
Like the Midwest Express hack earlier this week, the DeceptiveDuo accessed the DLA database using the default Microsoft SQL password to gain entry. The OSD Web pages used SQL as a Web and data server (both with the default password left in place).
The security breach takes on an even more ominous tone with a reported advisory from the U.S. Central Intelligence Agency (CIA) a week ago warning of plans by the People's Liberation Army (PLA) in China to cause as much damage to U.S. and Taiwanese Internet-linked military systems.
According to the L.A. Times, the classified report states the Chinese Army "does not have the capability to carry out its intended goal of disrupting Taiwanese military and civilian infrastructures or U.S. military logistics using computer virus attacks" and are limited to the "temporary disruption of sectors that use the Internet."
DeceptiveDuo claims a group of U.S. hackers are joining forces to defend against the rumored Chinese security attacks, an extension of an on-again-off-again rivalry between hackers from both countries which flared up last year after the events surrounding the crash of a U.S. spy plane on Chinese soil.
This story was first published on InternetNews, an internet.com site.