Tens of thousands of US military and government computers containing sensitive information are easily accessible over the Internet, a computer security firm that cracked the networks said today.
Military encryption techniques, correspondence between generals, recruits' Social Security and credit-card numbers and other sensitive information is often stored on Internet-connected computers that use easily guessed passwords or in some cases no passwords at all, said an official at San Diego security firm ForensicTec Solutions.
"We were kind of shocked at the security measures, or lack thereof," said ForensicTec President Brett O'Keefe.
ForensicTec consultants came across the network for the US Army's Fort Hood base in Texas while working with another client earlier this summer, O'Keefe said.
From there, they were able to access internal networks at other military bases, as well as civilian agencies like the National Aeronautics and Space Administration, the Department of Energy and the Department of Transportation, he said.
Computers were easily cracked by guessing common passwords like the user's name, or even by typing in "password," O'Keefe said.
Although they were not able to access any classified information, the security consultants were able to find email messages between generals and other high-ranking officers and recruits' Social Security and credit-card numbers, he said.
They also found records describing radio-encryption techniques, laser-targeting systems and information about couriers carrying secret documents, he said.