back to article Hacker sinks Royal Navy website

The Royal Navy's main website has been taken offline following claims by a Romanian hacker that he broke into the site, swiping the login credentials of administrators in the process. The hacker, TinKode, posted information on the web to support his claim to have penetrated the site, Royal Navy website …


This topic is closed for new posts.
  1. N2

    Nice to see

    We get value for money from the £500m spent on 'cyber defences'

  2. Scott K


    What, we thought the French were doing that bit.

    Nope Brussels say it's us.

    Not the French


    Can we blame them anyway?

  3. Andy H

    As Zaphod would say...

    Ten out of ten for style, but minus several million for good thinking, yeah?

  4. Blofeld's Cat

    Ohhhh yes.

    "his claim to have penetrated the site"

    That would seem to be in accordance with Churchill's view of Naval tradition then.

  5. JakeyC

    Invalid HTML

    Even the 'maintanance' page has an error:


    <centre><img src="navysitedown.gif" alt=""/></centre>


    (that's the entire page)

    Aside from the lack of a <body> and other WTFery, the closing tag has a '?' in it!

    1. Rebajas


      Good to see good old patriotic spelling of center in there as well :)

    2. Martin 71 Silver badge

      Good to know

      that the MOD are on top of technology eh?

    3. ratfox

      Oh my

      Interesting <centre> element, too... British spelling is not recognized by my Firefox.

      1. Anonymous Coward

        Not "British Spelling"

        You mean "English spelling", as in, that is how it's used in England. Britain is comprised of more than one country and its inhabitants speak more than one language.

    4. ratfox

      Most probably...

      To indicate their level of knowledge: ?html - html, what's that? It's one of those PROGRAMMING LANGUAGES, right?

    5. JakeyC

      Muphry's law

      Of course, I meant 'maintenance' page...

    6. Jeremy 2


      Oh dear, oh dear, oh dear. That really is quite special.

      I particularly like <centre> vice <center>, going to the effort of specifying the alt attribute only to leave it blank and the particularly comical 'lightbox effect' on the error message cum GIF-from-hell (score one for accessibility there). Unless I'm very much mistaken, it was achieved with MS Paint - that god-awful dithering is always a give away.

      I plugged it into the W3C's validator for giggles expecting it to implode but alas it only found eight things to complain about. Still, for 70 bytes of code, that's pretty impressive.

    7. Anonymous Coward
      Anonymous Coward


      That's what you get for using some random WYSIWYG editor. No human would have included blank alt tags.

      1. Anonymous Coward

        Words fail me...

        They listened to the comments and changed the element to <centre>

        Now it displays on the left of the page.....

        The <?html> is still there though!

      2. Remy Redert


        While I agree that no SANE human would have included blank alt tags, no WYSIWYG editor is going to use an incorrectly spelled center tag, nor would it fail to include massive header and body entries.

        So alas, it seems someone really did type that website up in their local text editor and slapped it on the net without so much as a sanity check or checking for inconsistencies.

        1. CD001

          correct me if I'm wrong

          But if you're coding in XHTML then alt tags are required in images - and if the image is purely a design element then you are SUPPOSED to use a blank alt tag.

          Granted - neither case applies in this case ;)

        2. KeepBangingTheRocksTogetherGuys!

          Accessibility 101

          Actually a human would create a blank alt tag if the image was purely presentational and conveyed no information.

          A blank alt tags tells a screen reader or other similiar user agent that there is an image here but the user doesn't need to know about it because it's just presentation. If you don't put an alt tag on a presentational image then depending on the user agent it will 'interpret' (read guess) what to do.

          Having a user agent guess at what to do is always bad for accessibility. It could be programmed to read out the file name, which could be confusing for the user or embarasing, if your HTML guy likes to name the images with stupid names.

          Remember always put an alt tag on an image even if it is blank. The blankness has information...

          1. Jeremy 2

            Re: Accessibility 101

            "Actually a human would create a blank alt tag if the image was purely presentational and conveyed no information."

            Except the image we're talking about DID convey information. In fact, it was (is still) the *only* element of the document conveying that the site is down for maintenance (not even a <title> element). The text shown in the article screenshot was part of the image, not imposed over it!

            It seems to have been improved a bit now but it still doesn't quite work :)

  6. Anonymous Coward


    It's actually a (Captain) Jack Sparrow Turing Machine for converting to/from the language known as Keefeze.

    AC because thats one shit joke.

  7. Anonymous Coward
    Thumb Down

    How ...

    In God's Name is this sort of shit even still possible? Where do they find the people to code these sites?

    I'm astounded.

    1. Ken 16 Silver badge

      They get them drunk round down the pub

      when they wake up, they're a Navy coder...

      (mine's the one with the cosh in the pocket)

  8. Pablo

    And since when is "centre" a tag?

    I realize that's the standard English spelling, but as far as I know it's never been an HTML tag. Even <center> is only barely right by current web standards.

    At least the got the alt tag in there to make it accessible to the blind.

  9. Tim Jenkins

    Deja vu all over again...

    "It's very unlikely that any confidential much yet secret material was kept on a public facing website"

    Right, because that never happens....

    Any bets on how long it takes before email 'backups' containing the current location of the on-patrol Vanguard hit the torrents?

  10. Rogerborg

    Navy website taken off line

    Causing millions of pounds of improvements in operational efficiency.

  11. Anonymous Coward


    Lemme guess ... this site was part of the "Windows for Warships" upgrade? If this can happen to the RN's site, imagine what a WiFi-toting pirate can do to the warships at sea...

    ARRRR!!!!! Shiver your timbers!!!!

  12. Peter X

    Re: Invalid HTML

    Also, using <center> in 2010 is pretty embarrassing. And then spelling it wrong (should be spelt "center") isn't great either!

  13. Anonymous Coward

    Navy wimps

    They just put up a 'maintenance' page?

    WTF do they have all those cruise missiles for, if not to deal with lowlives like TinCock or whatever he calls himself?

    1. Anonymous Coward

      Yeah A Cruise Missile Will Do

      ...and the target coordinates are somewhere in in Whitehall. It should be "Headquarters, Naval Training and Education Command".

      Alternatively, "HQ, Royal Radio Corps", "HQ, Royal Engineers".

      First they have an SQL insertion weakness and then they can't even do proper HTML. Any more words needed ? The leadership needs to go here.

  14. JaitcH

    So when do they propose extraditing the offender and keel-hauling him?

    If this had happened to a Pentagon website, again, they would be screaming terrorism, loss of secrets, etc. and demanding the alleged whiz behind this attack be handed over immediately.

    Won't happen because Romania has balls and would tell them to get stuffed.< > unlike a certain island nation we know of..

  15. TeeCee Gold badge

    Gosh, you mean.....

    ......the Navy's public-facing PR website containing no secret data is not as secure or well built as their operational systems?

    <Extremely heavy sarcasm>

    My, I am surprised. This is a disaster and no mistake.

    </Extremely heavy sarcasm>

    1. Scott 19

      Me thinks

      You do protest to much with sarcam, so it's OK that a web site that should have security as its top priority was hacked? Gives me full confidence.

  16. Andy Blackburn
    Thumb Down

    All other pages..

    ... return a 404:

    Shoddy site management in anyone's books... a 503 - Service Temporarily Unavailable header should be returned, unless they want to mess up with their indexing within search engines.

  17. Anonymous Coward

    +5 / -5

    Allow me to be the first to congratulate you on the headline, that's fab.

    As for the coder of the maintenance page - I have word that he was recently transferred to the post, following early completion of his duties as captain of the HMS Astute (a nuclear submarine recently attacked by a small island off the coast of Scotland).

  18. Anonymous Coward

    I don't know what is more worrying ...

    The thought that they would fall victim to a trivial SQL injection that could have been cooked up by any 13 year old kid .... (lets be honest, it basically boils down to typing something extra into the address bar on your browser .. hardly a massively sophisticated and unexpected attack vector)

    Or .. is it that the website is the public facing side of the navy, and as is contains no secret data, no defence inplications and no security risks ... ddoes it matter that it was not very secure and hacked with a few kestrokes into a webbrowser ...

    Or ... is the REALLY worrying thing that the "secret stuff" thats not exposed to the web actually MORE insecure, and the shambolic coding standards on the public facing website are actually hardened and tougher than the internal backend systems defending our country ????

  19. Just Thinking

    swiping the login credentials of administrators

    Really? They store their passwords in the DB? Somewhat worse than writing crap HTML. If its true.

  20. Anonymous Coward

    Meanwhile, back in the real world...

    A village in Romania is about to take delivery of several Royal Navy Tomahawk cruise missiles....

  21. Anonymous Coward

    Meanwhile, back in the real world, #2

    ..the RN had their pants down until 16:40 German time. I am sure other navies a deeply impressed by British Cyber Capabilities.

    The Romanian guy is already busy defacing something else via TOR and these muppets will never catch him.

    The current state is:

    "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"


    <html xmlns="" xml:lang="en" lang="en">


    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

    <title>Royal Navy</title>



    <div><img src="navysitedown.gif" alt="A screenshot of the Royal Navy homepage" title="Royal Navy site down for essential maintenance"/></div>



  22. Anonymous Coward

    If the Royal Muppets (RM) Had A Cyper Capability

    ..a colonel who can write& debug 20000 lines of C++ code would have handled the situation. Logs would have been analyzed by an ad-hoc team of PHP/.net/Java (whatever kludge they use for content mgmt) programmers.

    The weakness would be found in less than 1 hour by just analyzing logs and re-running the evil requests and debugging the CMS. If required, the colonel would call Cheltenham and have them look at it, too.

    The senior NCO who is the webmaster would have had a simple text file as the index.html saying "due to service, currently offline. webmaster". That would have saved that html embarrassment.

    All would be up and running again. They certainly would log in a secure manner. The Evil Romanian Hacker would not be able to erase logs.

    But I guess the muppets currently download the latest version of their CMS from sourceforge and hope for the best. Everything runs as root. Or as "Adminstrator" ??

    1. Anonymous Coward

      Beer + Missile Guidence Code = ....

      I used to work with a C programmer who'd worked on missile guidance systems for the MOD.

      Given that this bloke was fond of large amounts of beer at lunchtime then (just as he is now) its perhaps no wonder there is so much "collateral damage" in modern warfare.

This topic is closed for new posts.

Other stories you might like