DeceptiveDuo Strike Again

The DeceptiveDuo, a pair of hackers who made waves in the security world earlier
in the week, struck again late Friday, this time breaking into the
database at the Defense Department’s Defense Logistics Agency (DLA).

As seems to be the hackers’ modus operandi, two database screenshots
were taken and posted on two hacked Office of the Secretary of Defense
(OSD) Web pages, which were quickly taken offline. The pair claimed to
have almost system-wide access to OSD databases, but chose to post only the
two screenshots from the DLA.

This time the information was much more damaging than the names and email
addresses of Midwest Express airline passengers, with the names, ID numbers
and encrypted passwords of DLA employees posted on the defaced pages.

According to Liz Moore, DLA spokesperson, a DoD joint task force computer
operations team (JTF-COT) has been working on all its servers since Friday morning to repair the breach.

“We were made aware of (the break-in) this morning and our IT folks are
working on it right now,” she said. “The (JTF-COT) had the servers taken
down immediately and are still working on it and conducting an investigation
into how it happened. We’ll have more information after the weekend.”

Moore pointed out the DLA continuously works on ways to improve the site,
security and services for its users.

Systems administrators from the DoD are working with the pair of hackers
now — communicating via e-mail and Internet relay chat (IRC) — getting
information on how the server was accessed and how to prevent it from
happening again.

As to the reasons for the break-in and subsequent posting, the pair was
quick to defend their loyalties and the reason for their activities.

“Yes, we are worried about national security, which is why we always limit
ourselves to what we post,” they said in an interview with InternetNews.com. “The posted databases are nothing compared to the other
intelligence we have gained. We try to balance it out as much as possible
without compromising our loyalty to the U.S.”

“Despite what some may think (of us), we are honestly out to do good,” they
added.

The pair posts an email address on their defaced pages, allowing security
officials to contact them to determine how the break-in occurred and how to
patch the server.

Like the Midwest Express hack earlier this week, the DeceptiveDuo accessed
the DLA database using the default Microsoft SQL password to gain
entry. The OSD Web pages used SQL as a Web and data server (both with the
default password left in place).

The security breach takes on an even more ominous tone with a reported
advisory from the U.S. Central Intelligence Agency (CIA) a week ago warning
of plans by the People’s Liberation Army (PLA) in China to cause as much
damage as possible to U.S. and Taiwanese Internet-linked military systems.

According to the L.A. Times, the classified report states the Chinese Army
“does not have the capability to carry out its intended goal of disrupting
Taiwanese military and civilian infrastructures or U.S. military logistics
using computer virus attacks” and is limited to the “temporary disruption
of sectors that use the Internet.”

DeceptiveDuo claims a group of U.S. hackers are joining forces to
defend against the rumored Chinese security attacks, an extension of an
on-again-off-again rivalry between hackers from both countries which flared
up last year after the events surrounding the crash of a U.S. spy plane on
Chinese soil.
