Up to 20 percent of the computer accounts used by the U.S. military are unauthorized or abandoned, providing a major opportunity to hackers and foreign governments who want to spy on the United States, according to a senior military official.
An ongoing audit of user accounts in the armed services has uncovered an epidemic of expired and unauthorized accounts, including 3,000 in DISA (Defense Information Security Administration), 1,500 in the U.S. Army’s Korean operation, and thousands more spread throughout the military services.
The weak account management, in addition to slow patch distribution, could be exploited by hackers to gain access to military systems, and has prompted a wholesale review of the military’s IT infrastructure, according to Lt. Gen. Charles Croom Jr.
The account audit was prompted by a general “stand down” by the U.S. Department of Defense’s military’s information assurance groups in November 2005, said Croom, who is Commander of the Joint Task Force – Global Network Operations within the DOD.
Croom was addressing an audience of military and civilian cyber crime experts at the annual DOD Cyber Crime Conference in Palm Harbor, Fla.