The U.S. Department of Defense could be at serious risk of being easily attacked by hackers, a security researcher warns.
According to ZDNet, which cites Dan Tentler, founder of cybersecurity firm Phobos Group, several misconfigured servers run by the Department of Defense could allow attackers easy access to internal government systems. The concern includes foreign actors eager to find a way into U.S. systems, especially since they can easily make it look as if the attacks are from within the United States.
Tentler said that he is probably not the first to find these flaws, since they are particularly easy to discover. He added that they are probably already being exploited.
“There were hosts which were discovered having serious technical misconfiguration problems that can be easily abused by an attacker outside or inside of the country, they could implicate the US as culprits in hacking attacks if they desire so,” Tentler told ZDNet.
They informed the Pentagon of the problem eight months ago, but no security fix has yet been deployed to correct those servers. This indicates gross negligence. This is mostly because the vulnerable servers were not within the scope of the bug bounty program run by the Pentagon, which started about a year ago.
The Pentagon has been running a bug bounty program for the past year, allowing white hats to find and report bugs and flaws in its systems in exchange for money, something that tech companies have been doing for years. The extent of what they can test for flaws is limited, however, since only defense.gov and .mil are open to the program.