In the government computer security still sucks category, it has emerged that the Navy-Marine Corps Intranet was breached on Oct. 20, causing users’ passwords to be reset, according to a Navy spokesman.

The breach was traced to an abnormally configured legacy server that was attached to the NMCI unclassified network, according to Lt. Cmdr. Ron Steiner, a spokesman for the Naval Network Warfare Command (NETWARCOM) in Norfolk, Va. . . .

Steiner said no personal or operational information was compromised during the intrusion. Also, the NMCI portal continued to run and didn’t need to be taken down, he said. . . .

NETWARCOM is leading a forensic and technical investigation of the breach. The Naval Criminal Investigative Service is conducting a separate criminal investigation. — Government Computer News

Wait a minute. Abnormally configured legacy server?

There is a separate classified NMCI network that was not affected by this incident.

The network intrusion occurred around Oct. 20 on a legacy server that was not properly configured, Steiner said.

“Based upon that, they found it prudent that we should take the extra precaution and change . . . [the] passwords,” Steiner said. “In our opinion, the system worked as we expected it to.”

Because the Navy was able to track and see where the intruder went inside the system, officials are confident that “there was no big compromise of any information,” Steiner said. — Government Executive

Yep, that’s the pattern. People throw up servers willy-nilly and don’t lock them down properly, forget about them, and then they get broken into. The military has been doing this for as long as they’ve had computer networks, with predictable results.

The civilian world seems to have learned this lesson a lot better than their military counterparts.