Hacker forces Royal Navy to suspend website

Graham Cluley
Graham Cluley
@[email protected]

A hacker claims to have broken into the main website run by the British Royal Navy, www.royalnavy.mod.uk, revealing usernames and passwords of administrators.

The hacker, who calls himself TinKode and is believed to hail from Romania, posted information on the web about the compromise and the sensitive passwords he was able to uncover.

How embarrassing.

Royal Navy website

Sign up to our free newsletter.
Security news, advice, and tips.

At the time of writing the Royal Navy has replaced its entire website with a static image which simply says:

Unfortunately the Royal Navy website is currently undergoing essential maintenance. Please visit again soon

Source code of Royal Navy website

In the past TinKode has revealed security holes in NASA’s website, and published information about SQL injection vulnerabilities in sites belonging to the US Army.

TinKode’s attack is particularly embarrassing for the British Ministry of Defence, as just last month protecting against cyber attacks was declared in the National Security Strategy to be a “highest priority for UK national security” alongside international terrorism, international military crises and major accidents/natural hazards.

We can all be thankful that Tinkode’s activities appear to be have been more mischievous than dangerous. If someone with more malice in mind had hacked the site they could have used it to post malicious links on the Navy’s JackSpeak blog, or embedded a Trojan horse into the site’s main page.

Hopefully efforts are in place now to secure any vulnerabilities and reduce the chances of such a serious security breach happening again in future. It is to be hoped that the ultimate impact of this attack will be egg on the face of the Ministry of Defence (and better security practices in future), rather than a more significant assault on a website presenting the public face of an important part of the armed forces.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.