One or more hackers penetrated the U.S. Air Force's main Web site http://www.af.mil around New Year and defaced the home page with bloody images and obscene pictures.
It is the third high-profile penetration of government World Wide Web sites in recent months. The break-ins, which include recent attacks at the U.S. Department of Justice and CIA sites, highlight a new vulnerability for organizations getting on the Internet.
Indeed, in a recent experiment, computer security expert Dan Farmer found that nearly two thirds of high-profile government and commercial Web sites have vulnerabilities that would allow someone to break in and alter data or software.
Farmer, co-developer of the controversial Security Analysis Tool for Auditing Networks (SATAN), used the software to probe more than 2000 Web servers, looking for security flaws.
"It seems obvious from these findings that security and system administration are very difficult to perform effectively and that the latent problems of securing a host or site are ill-understood," Farmer says in a report on his Web site http://www.trouble.org.
But Peter Tippett, president of the National Computer Security Association http://www.ncsa.com disagrees with that bleak assessment. "These things are all known vulnerabilities and are easily addressed by users," he says. "It's not easy to break in to a site if the basics are done well."
Many of the vulnerabilities are well-documented problems in Unix utilities such as file transfer protocol, sendmail and Network File System.
A spokesman for the Air Force says the Web site compromised contains pointers to more than 400 Air Force sites and to some 70,000 pages of information, all of it unclassified. Data includes fact sheets and photographs of weapons systems, biographies, news releases and the like.
The spokesman says the break-in is being investigated by several agencies, including the FBI. He declined to provide details but said investigators know how the intrusion was accomplished. "No computer hacker moves without leaving footprints," he says. "We are going to find the person who did it."
He says the he Air Force is reviewing its security measures and is confident it can prevent another break-in.