US Army site hacked as Obama vows 'aggressive' response to cyber-attacks

The US Army was forced to close down its official website yesterday after it was defaced by the Syrian Electronic Army. The news came as US President Barack Obama promised Washington will become more 'aggressive' in defending itself against cyber-attacks.

US Army site hacked as Obama vows 'aggressive' response to cyber-attacks
US Army site hacked as Obama vows 'aggressive' response to cyber-attacks

The US temporarily shut down its Army.mil website on Monday to prevent any leak of data, after discovering it has been hacked by the SEA, which supports President Assad's Government in Syria.

The hacktivist group boasted of its attack on its Twitter page, saying: “The #SEA hacks the official website of the US Army and leave several messages on it.”

Throughout Monday, the SEA posted screenshots apparently showing sensitive US Army employee data, and messages it placed on the site's home page, criticising Washington's training of rebel fighters in Syria.

One read: "Your commanders admit they are training the people they have sent you to die fighting."

In response, US Army spokesman Brigadier General Malcolm Frost admitted: "Today an element of the Army.mil service provider's content was compromised. After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily."

The attack follows last week's discovery that the credentials of up to 4 million US Government employees had been exposed in a breach at the US Office of Personnel Management (OPM).

That massive breach prompted President Obama, speaking after the G7 summit in Germany on the same day as the US Army hack, to promise a "much more aggressive" response to cyber-attacks on his country.

The President said America's cyber-defences "have to be as nimble, as aggressive and as well-resourced as those who are trying to break into these systems".

The OPM hack has unofficially been attributed to China, but Obama refused to directly point the finger of blame at Beijing.

He told a G7 press conference: "In some cases, it's non-state actors who are engaging in criminal activity and potential theft. In the case of state actors, they're probing for intelligence or in some cases trying to bring down systems in pursuit of their various foreign policy objectives."

The OPM and US Army hacks are the latest in string of cyber attacks on the US, including last November's breach of Sony Pictures by suspected North Korean hackers.

In January, the US Central Command, which controls American forces in the Middle East, had to suspend its Twitter and YouTube accounts after they were defaced by pro-Islamic State messages.

But President Obama's promise of a more aggressive response to such attacks has been criticised within the cyber-security community.

Professor John Walker, a director of cyber-security services firm ISX and visiting professor at Nottingham-Trent University, told SCMagazineUK.com: “I'm not sure the aggressive stance solves the problem. We try to attribute attacks to China, but also we have to remember a lot of attacks go back into China. I personally think in our current climate everybody is being aggressive.

“It's like dropping a nuclear bomb. If we start to become more aggressive, have we gone nuclear, where it's just going to be tit-for-tat retaliation? I do think there could be a lot of collateral damage if we go down that route.”

Walker added: “Before the US even think about being aggressive, the first thing they should consider is what they can do to secure their systems, to remove the vulnerability which seems to be existing.

“It's all very well going to be aggressive in that landscape, but you will encounter re-aggression. And the secondary point is if the aggressor is not who they feel it is, they attack some innocent entity.”

Cyber-expert Brian Honan of BH Consulting took a similar view. He told SCMagazineUK.com via email: “The US Government, and many other governments, should focus on improving their defences before looking at any type of counter-measures, be they aggressive or not.”

Walker said it would be difficult to defend against hacks like the OPM one which was “in a league of its own” and “was probably a concerted effort involving multiple agencies and actors working inside and out”. But less serious breaches like website hacks could be prevented.

Meanwhile, the US Government has been criticised for another attempt at more aggressive defence. President Obama has been urging US tech firms to consider weakening their data encryption, to prevent terrorists remaining hidden while still protecting users from cyber-criminals - but two industry associations have hit back in a strongly worded letter delivered to the President on Monday.

According to Reuters, the IT Industry Council and the Software and Information Industry Association, whose members include Apple, Google Facebook, IBM and Microsoft, insisted: "We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool."

Sign up to our newsletters