Passwords reset after breach of Navy-Marine Corps network

By Daniel Pulliam dpulliam@govexec.com November 7, 2005

A recent breach of the Navy Marine Corps Intranet did not jeopardize personal or organizational information, but required some passwords to be changed, according to a Navy spokesman.

Passwords for certain users on the unclassified portion of the NMCI network were reset as part of a "prudent network security response" to an intrusion by an unauthorized user, said Lt. Cmdr. Ron Steiner, a public affairs officer for the Naval Network Warfare Command in Norfolk, Va. There is a separate classified NMCI network that was not affected by this incident.

The network intrusion occurred around Oct. 20 on a legacy server that was not properly configured, Steiner said.

"Based upon that, they found it prudent that we should take the extra precaution and change . . . [the] passwords," Steiner said. "In our opinion, the system worked as we expected it to."

Because the Navy was able to track and see where the intruder went inside the system, officials are confident that "there was no big compromise of any information," Steiner said.

The ports used by the unauthorized intruder have since been blocked and taken offline, Steiner said. If the intruder is caught, the case will be handed over to Naval Criminal Investigative Service, he added.

The breach also didn't affect the IT 21 networking system, which serves the Navy's ships, and the overseas network ONE-NET, according to a message sent to NMCI users last month.

VIEW ALL COMMENTS POST COMMENT

COMMENTS

  • Was the hacker traced and identified? If an American, throw the book at him/her! GovExec.com reader Posted November 15, 2005 2:57 PM
  • Just remember: NMCI stands for “No More Computing In-house.” GovExec.com reader Posted November 8, 2005 5:48 AM
  • If "certain users on the unclassified portion of the NMCI network were reset" is to mean 100 percent of unclassified portion of the NMCI network were reset, you would be correct. Also, if "a legacy server that was not properly configured" means an NMCI server was not properly configured, you would be correct. GovExec.com reader Posted November 8, 2005 1:49 PM
VIEW ALL COMMENTS

RELATED STORIES

GovExec Live!

The government's mileage reimbursement rate rose to 48.5 cents in the aftermath of Hurricane Katrina and is likely to stay put until at least the end of the year, even though gas prices are falling. The General Services Administration has instituted higher per diem rates for employees traveling on official government business in hurricane-ravaged areas.

At 12 p.m. EST on Wed., Nov. 9, GovExec.com reporter Daniel Pulliam will answer your questions about these and other recent travel-related developments. You can submit your questions early or during the live online discussion.