The Sunday Times reports:
""Agents hijack army website"
Adam Nathan, Defence Correspondent
TWO disgruntled former army intelligence agents have caused a security alert after hijacking a military website. The men were able to take control of the site’s e-mailing facility shortly before Christmas after the Intelligence Corps apparently failed to renew its subscription."
Currently, there do not seem to be any MX records for the domain intelligencecorps.co.uk i.e. no internet email servers, and the domain appears to be simply parked with a domain name registrar in the USA.
Paying money for the use of a commercial .co.uk domain name whose registration has lapsed does not constitute "hijacking" and is not illegal.
"When recruits send e-mails inquiring about jobs with the corps via its website, the men send back messages claiming that the unit is "responsible for the murder of innocent civilians and the direction of terrorism".
The men, Kevin Fulton (a pseudonym) and Sam Rosenfeld, formerly worked for the Force Research Unit (FRU), a covert branch of the Intelligence Corps set up to infiltrate Northern Ireland paramilitary groups. The FRU, later renamed the Joint Services Group (JSG), has been linked to murders by loyalist terrorists.
Both men claimed last week that they had been abandoned by their military intelligence handlers and that their lives were in danger from republican terrorists seeking revenge. They said the reason for hijacking the website was to draw attention to their treatment by the Ministry of Defence (MoD).
The ministry said: "It looks as if the e-mail address . . . has been allowed to lapse and has been taken over. We are investigating how this happened." It said the website was owned and operated by the Intelligence Corps but its contents were being transferred to the main MoD site."
There should be an investigation into why exactly the so called Intelligence Corps of the British Army was using anything other than an official .mod.uk or .gov.uk domain name in the first place. At least if the registration of these had lapsed, they could not be so easily snapped up by third parties. The investigation should also hunt down any other offical Ministry of Defence websites and email systems which have security weaknesses in their technical set ups or, at least as importantly, in their managerial procedures.
"The Intelligence Corps uses the website to attract potential recruits. More than a dozen applicants have used the e-mail facility on the site — usite.army.mod.uk/intcorps — since Rosenfeld and Fulton hijacked it. Instead of careers information they have received messages from the former agents."
How dim do you have to be to send your personal details via unencrypted email, over the insecure Internet when enquiring about or applying for a job with an intelligence agency ?
We would automatically fail candidates who applied this way ! Even the new Intelligence Corps website on the main MOD web site complex, still publishes an unencrypted, non-MOD email address.
We welcomed the introduction of a Secure Sockets Layer encrypted contact webpage for the Security Service MI5, and believe that all careers contacts for the British Armed Forces should take similar precautions.
What happens when a successful recruit is stationed overseas and finds that the local foreign intelligence agencies or terrorists have copies of his curricuklum vitae , and his home address which he applied from whilst still at school or university, i.e. in all likelyhood what is still the home address of his parents or relatives, obtained from unencrypted internet traffic monitoring ?
There is no excuse for treating this sort of information, even from unsuccessful potential recruits, many of whom are technically still children under the age of 16, who also deserve to have their details kept confidential under normal and well understood Data Protection principles, with less online security than for a paltry online credit card transaction.
Obvious;y the former Intelligence Corps agents seem to be more au fait with internet propaganda and public relations than the Ministry of Defence - this is not acceptable in 21st century "network centric" warfare.