Unshakable Fortress: hacks, drains, and bug bounties - Pentagon programs

What do a 15-year-old hacker, Julian Assange, inattentive administrators, and the War Thunder forum have in common? All of them were involved in data leaks from the Pentagon.

In this article, we will look at some of the most high-profile examples of leaks related to one of the most secure agencies in the world, as well as talk about the experience of interaction between the US Department of Defense and ethical hackers.

The case of Jonathan James

According to the US Department of Defense, the Pentagon was first hacked in 1999, and it was done by a 15-year-old boy named Jonathan James. Among hackers, he was known under the nickname C0mrade.

One day, Jonathan found a server that had a backdoor installed that allowed anyone to connect. The hacker connected to the server, installed a sniffer on it, and got access to all the traffic. This server belonged to one of the divisions of the US Department of Defense. Over the course of a month, he intercepted a lot of credentials that allowed him to access the computers of the Department of Defense, and he downloaded a huge number of emails from the mailboxes of Pentagon employees.

Jonathan did all this not out of self-interest, but out of simple curiosity. Naturally, the break-in was noticed, an investigation was conducted, and the underage culprit was found. Jonathan's case is unique in that he became the first minor in the United States to go to jail on hacking charges.

Gary McKinnon's case study

The Pentagon building is primarily associated with the reliability and security of the country. However, just two years after the story of Jonathan James, another young hacker managed to break into this fortress alone. And again, not for selfish purposes.

In January 2001, Gary McKinnon, a system administrator based in London, first broke into the US military computer system. The hacker did not ask the question "how to hack the Pentagon", but simply found a flaw in the security system. Gary created a Perl program that found computers with administrator status but no password. To the shame of the US Department of War, there were a lot of such machines. For 13 whole months, Gary studied the contents of the Pentagon's computers, and later NASA's, with impunity. He was looking for evidence of the existence of extraterrestrial life and, according to him, found it. A year after the first penetration, Gary was exposed, but he managed to evade responsibility, as a wave of protest rose in society and the British authorities did not extradite him to the United States.

The case of Julian Assange

When considering whether the Pentagon was hacked, you can't ignore Julian Assange, the creator of WikiLeaks. Since 2006, the portal has published classified materials from the Pentagon and other US security agencies.

It is not known for certain whether Assange himself hacked into government servers or whether he obtained documents from third parties. But as a creator and distributor of information, he faces many charges, and the total criminal penalty for them is 175 years in prison.

The case of Edward Snowden

It doesn't always take hacking to remove and release classified US Pentagon documents. Sometimes the danger lies in the employees themselves, who do not agree with the working methods of the Ministry of War. The most striking example is Edward Snowden. In 2013, he was an employee of the military system and had access to classified documentation. That is how he learned about the large-scale US surveillance of citizens of different countries of the world.

Deciding to release the data, Snowden downloaded almost 2 million secret documents onto a flash drive and took it out of the NSA office in a simple Rubik's cube. Then came publications in the world media, major revelations, accusations of espionage, flight from the country and a quiet haven in Russia. It is worth noting that in this case there was also no selfish motive.

Jack Teixeira's case

In 2023, there was a loud scandal related to the leak of secret Pentagon documents. Their photos appeared on the Discord platform, the 4chan forum, on Twitter and some Telegram channels. Initially, it was thought that it was the Russians who hacked the Pentagon, but later it turned out that this leak, too, was connected with a person working in the system and having access to classified information.

A little later, footage of the detention of Jack Teixeira (a US Air Force pilot in red shorts and heavily armed American special forces) spread around the world. The information published by Teixeira included secret documents relating to the conflict in Ukraine and revealing US surveillance of partner countries. Jack was accused of espionage and now faces many years in an American prison.

Curious cases

In the history of the Pentagon and other similar agencies, there have been many curious cases that led to the disclosure of official information. For example, last year a story surfaced about a typo that caused letters from the US Department of Defense to go to mail addresses in Mali for years.

Confidential information about US (as well as French) military equipment surfaced on the forums of the game War Thunder so often that the moderators had to explain publicly how they deal with this problem and why their forum became a storehouse of secret drawings.

Negligent administrators have not spared the American military department either. You can find data on at least one case when an unprotected server with sensitive Pentagon information was exposed on the network for a long time. There are probably more non-public incidents of this kind.

The media also carry many reports of various leaks from the Pentagon whose authenticity is questionable or was never subsequently confirmed. This can be attributed both to the desire of individual publications to "create a news hook", and to the activities of the agency itself, which may well conduct controlled leaks.

The Pentagon and Ethical Hackers

If the problem with the human factor is solved by tightening the internal policy towards employees, then ethical hackers protect the Pentagon website and the entire infrastructure of the US Department of War from hacking. Back in 2016, the HackerOne platform launched a state program to search for vulnerabilities called Hack the Pentagon. At that time, more than 100 potential breaches in the ministry's defense were discovered, and more than 1,400 pentesters took part in the project. This number of participants is easily explained. First, hacking the Pentagon online is every hacker's dream. And secondly, the first bug bounty program of the US Department of Defense was carried out on a paid basis. Individual payments ranged from $100 to $15,000, and the total budget was $75,000.

The next program was conducted in 2018 and focused on publicly accessible websites of the Department of Defense. By the end of 2020, the agency had been hacked more than 12,000 times, but in controlled tests. Hackers were no longer paid for finding vulnerabilities, but they were awarded points on the HackerOne platform.

The launch of the Pentagon's third bug bounty program was announced in 2023. But this time, hackers were asked to try to break into systems that control mechanical operations, such as heating and air conditioning in the main building, the Pentagon's heating and cooling plant, a modular office complex and a parking lot. The hackers' task is to identify weaknesses and vulnerabilities and provide recommendations for improving and strengthening the overall state of security.

Conclusion

It is naive to think that in the modern world there are still objects that cannot be hacked. The Pentagon is no exception. Today, we've covered just a few stories related to hacking and data leaks from the US military. But there are many more incidents that have not been publicly disclosed.

At the same time, the Pentagon does not close itself off and actively uses external specialists to search for vulnerabilities and weaknesses in the system. This is the right tactic that helps the ministry improve its cyber defense and better respond to intrusion attempts.

It is important to note that Russian state institutions are also gradually joining bug bounty programs. We are not talking about law enforcement agencies, at least not yet, but entire ministries and individual regions already have their own programs.
 