Syrian Electronic Army Takes Down US Army Website

Students from West Point took part in the Cyber Defense Exercise. (U.S. Army photo) The Syrian Electronic Army is taking credit for hacking and taking down the U.S. Army’s website, Army.mil.

The site went down Monday afternoon and as of 7 p.m. EST Monday evening, it was still down. Initially, the group had a message pop up on the site saying: “Your commanders admit they are training the people they have sent you to die fighting.” The message no longer appears.

Army leaders acknowledged the hack with Army Brig. Gen. Malcolm Frost releasing this statement:

“Today an element of the Army.mil service provider’s content was compromised. After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily.”

Pentagon leaders have said their websites and data servers are under constant attack from various groups. Five months ago, U.S. Central Command’s social media accounts were hacked by a group who supported the Islamic State in Iraq and Syria (ISIS).

Last week, the federal government said a group of hackers from China executed one of the largest cyber attacks in U.S. history. The group gained access to data from the Office of Personnel Management — the human resources department for the federal government — and the Interior Department.

About the Author

Michael Hoffman
Michael Hoffman is the executive editor at Tandem NSI and a contributor to Military.com. He can be reached at mhoffman@tandemnsi.com.
  • Guest

    Wow, this does not say anything good about our cyber security. Who is to blame?

    • Retired in Atlanta

      The blame is solely the fault of the DOD Information Security Systems Command. Years ago the Security of the IT Systems was the best in the world. Now almost all those engineers that made it that way have either retired or moved on to more financially rewarding jobs in the Private Sector. DOD figured that their system would last forever, but are finding out that Level 1 and 2 Engineers do not have the skillsets of the Level 3 Engineers that walked away during the last several years. Time for them to realize that if they are going to have the best and most secure system then they are going to have to Pay for it and recruit top talent.

      • blight_

        Considering even RSA, maintainers of the SecurID two-factor authentication system got jumped it’s natural to assume the entire interwebs cannot be fully secured.

        Edit: Would be more worried about that OPM theft. Yikes!

    • Tad

      This is a good question from outside the DoD establishment, but I hope that’s not the primary question the DoD is asking itself. The DoD instead should approach the issue as identify the problem, fix the problem, figure out ways to avoid the problem (or even better, problems of a similar general nature) in the future.

      Anyway, now that that is off my chest :-), perhaps it’s a case of a huge bureaucratic system that is trying to adapt to rapid technological and strategic changes. And big bureaucracies have never been noted for their flexibility and adaptability.

    • blight_

      All security is compromised. Why? The NSA spends effort finding backdoors and using them as cyber lockpicks instead of reporting the defects. Even quiet patches to American systems would be greatly appreciated. Also, a “update the fixes” mentality may not exist across all nodes/servers/datacenters, especially those outward facing to the web. That and credentials aren’t fully compartmentalized. If you spearphish my email, my credentials get you into more things than email. At the same time, lack of two factor authentication.

      But every system can be subverted. Even open source two factor algorithms probably have weaknesses picked clean by NSA.

    • wpnexp

      This is not news. http://www.army.mil is just a basic news provider and does not effect day to day activities of the Army. It is about as serious as someone stealing the junk mail from your mailbox.

  • ken

    If it’s running Windows than i’m not in the least surprised.

    • NMI

      Where does this article state the site was running Windows? Do you have some facts to back this up?

      • miles

        He meant to ask a sarcastic question but failed.

      • ccc40821

        Did you even notice the word ‘if’ at the very beginning of the sentence?

    • blight_

      Pretty sure they’ve moved on to targeting mobile devices, the electronic device in the hands of the most rubes. (Meaning iOS and Android at this point)

    • @wdinwiddie

      yes and apple servers have been hacked too so you make yourself look like an idiot by making such statements

  • jffourquet

    Just how incompetent are when it comes to cyber security!!!!!!!!!!!!!!!!!

    • FriskyDingo

      Just how incompetent are you when it comes to asking a grammatically correct question? English motherfu@#er, do you speak it?

      • realjetmech

        What does attacking each other? Have
        to do with the fact our leadership is incompetent at the best?

    • Jerry

      NMI Ken made a statement about Windows and Miles are you a mind reader?

  • Roger Russell

    But Climate Change is the biggest threat to our national security! Or so they say.

    • LHS3

      Climate Change is NOT our biggest threat at least not today anyway. As you righties often fail to hear or read your sources correctly, perhaps due to your heavy close mindedness, Climate Change was cited by the Pentagon as being a definite security threat. Obama echoed the Pentagon’s assessment in a past speech, but nowhere did he or the Pentagon say it is our biggest one. Wake up from your anti-science slumber!

  • Sharkie

    They will probably have to relace these missing technically proficient systems people with personnel from over seas!

  • Sharkie

    Ands securing a system is a moving target and can sometimes be blamed on sister servers not so well protected. However - that, again, is a technical issue that is well understood and should have been planned for.

  • DonD13

    Security is a process, not a product. If something is ‘secure’ today, without continuous updates & testing it will be easily hacked in the future.

    From the wording of Gen. Frost’s statement, it would appear that they outsourced the hosting of the site. Most likely there was a long drawn out process to vet the security of the provider on the front end, but insufficient (or nonexistent) ongoing testing to make sure the provider kept that level of security.

    • blight_

      More red cell testing is needed.

      Also, I’m unsure how important the front-facing end of “army.mil” is. Intranet and other airgapped stuff presumably is still safe.

  • Fatman

    Let me guess, our response will be to talk about how much we need to tighten security but we won’t do anything until they hack some pumps or generators and blow them up.

  • Pbroyles

    How can all this hacking happen and the government can get Hillary’s emails ??

  • guest

    But hey, forget about cyber security — lets spend another 2 Trillion dollars on the F-35 instead.

  • painter45

    The Government since Ronnie has devalued it’s employee’s and played with the pay and benefits, it has gotten worse over the last few years, with no change in site, the Government is no longer a good place to work. They no longer a trusted employer… So not they have to depend on the less educated and other undesirable, and they contract most government jobs anymore.. These contractor are for Profit ONLY they have low standards to gain the biggest profit, they replace employee’s on a regular basis’s… Until the Government becomes a desirable place to work again,, everything will continue to go down.

  • oblatt23

    The guys who cant even keep their web site safe think it should be their job to be the police of the internet. The damage to the US economy is already tens of billions of dollars a year and will continue to grow.

  • LPF

    Wow they hacked a webserver, tomorrow the launch codes for the ICBM’s, Jesus Christ when did the west start wetting their pants about script kiddies?

    • Cenk

      LOL, you think a skid could take down army.mil? You’re delusional good sir, have a nice day.

  • GrouchyMSGT

    LOL. @LPF, you’re right, but people just don’t understand the infrastructure in place on DoD networks. Web Servers, whether vetted or not, yes they do certification and accreditation of the hardware and software before it’s allowed on the network, but Web Servers are in the least secure area of the network - the Demilitarized Zone. While we monitor and try to fend off attacks, in the thousands per day in some cases, these forward facing servers which provide info to the public and not using SSL are indeed vulnerable, and it’s not that amazing of a feat, although made much more difficult than the average ISP’s hosting. So as LPF stated, I wouldn’t get your panties in a bunch because some Syrian Script Kiddies put down their Nintendo game for a hour and busted into a relatively speaking less secured Server with DoD content - whoopty do!! The coordinated Chinese attack, now THAT’S a different story all together.

  • Avery

    An impressive share! I’ve just forwarded this onto a colleague who was conducting a little
    homework on this. And he in fact bought me lunch because
    I stumbled upon it for him… lol. So let me reword this….
    Thank YOU for the meal!! But yeah, thanks for spending the time to talk about this issue here on your website.

  • birkenstocks online

    birkenstocks sydney