US Navy Vendor Cyber Rating & Cyber Score

Description: The US Navy experienced potential vulnerabilities due to the integration of high-speed internet via SpaceX’s Starlink network on warships. The system, SEA2, aimed to improve morale and connectivity, enabling sailors to maintain contact with family and access data at sea. However, unauthorized disclosure of the press release about the installation of Starlink on USS Abraham Lincoln highlighted operational security issues, as the ship was heading to a tense Middle East region. The severity of the breach could be considered high due to possible exploitation by adversaries, leading to significant implications for national security.

Description: In October 2021, the official Facebook page of the USS Kidd, a U.S. Navy warship, was compromised by an unidentified hacker. The attacker took control of the page and streamed gameplay footage of *Age of Empires* for approximately four days before the Navy regained access. While no sensitive military data, operational details, or classified information was exposed, the incident resulted in a loss of reputational control and public embarrassment for the U.S. Navy. The hack demonstrated vulnerabilities in the Navy’s social media security protocols, raising concerns about the potential for more severe cyber intrusions targeting military public-facing platforms. Although the breach did not directly impact national security or operational capabilities, the unauthorized access and prolonged loss of control over an official military communication channel highlighted gaps in cybersecurity oversight for non-classified but high-visibility digital assets. The incident also prompted internal reviews of social media account management practices across Defense Department entities.

Description: A 57-year-old Indian-origin Singaporean woman was jailed up to three years for most extensive bribery and fraud conspiracy in the history of the United States Navy. She had the responsibility of managing ship husbanding contracts worth millions of dollar, with duties such as drafting contract requirements, including negotiating and evaluating bids. Gursharan disclosed non-public information from the US Navy to Francis, which helped GDMA clinch 11 contracts worth a total of about USD 48 million, out of 14 contracts that the company bid for. Gursharan provided sensitive information pertaining to pricing strategies, price information of GDMA’s competitors and questions that the contracts review board had posed to GDMA’s competitors. The scandal has also resulted in the arrest and conviction of several Navy officials in the US.

Description: The United States Navy exposed personal information belonging to 134,386 active and retired sailors. An investigation is being conducted by HPE and NCIS. The infected laptop belonged to an employee of Hewlett Packard Enterprise Services and contained the names and social security numbers of internal staff. It was found that "unknown individuals" had access to the personal information of US Navy personnel by the Naval Criminal Investigative Service (NCIS) and HPE, who are studying the incident. On Nov. 22, 2016, it was concluded through analysis by HPES and an ongoing investigation by the Naval Criminal Investigative Service (NCIS) that 134,386 present and retired sailors' Social Security numbers (SSNs) and other sensitive information had been accessed by unidentified persons.

Description: Cybersecurity Roundup: Mandiant Exposes Legacy Protocol Risks, Espionage Sentencing, and More Mandiant Releases Tools to Demonstrate Net-NTLMv1 Vulnerabilities Google’s Mandiant has released rainbow tables capable of cracking Microsoft’s outdated Net-NTLMv1 authentication protocol in under 12 hours using consumer-grade hardware costing less than $600. The protocol, known for over 20 years to be vulnerable to credential theft, remains in use despite repeated warnings. Mandiant’s principal red team consultant, Nic Losby, urged organizations to disable Net-NTLMv1 immediately, echoing advice first issued by *The Register* in 2010. US Navy Sailor Sentenced for Selling Secrets to China A US Navy sailor, Wei, was sentenced to 16 years and eight months in prison for selling classified technical manuals and operational intelligence to a Chinese intelligence official between 2022 and 2023. The Department of Justice revealed Wei earned $12,000 from the espionage, despite acknowledging the illegality of his actions. Supreme Court Hacker Pleads Guilty Nicholas Moore, a 24-year-old from Tennessee, pleaded guilty to computer fraud after illegally accessing the US Supreme Court’s electronic filing system for 25 days in 2023. Details of his activities remain undisclosed, but the charge carries a potential 10-year prison sentence and fines. The incident follows repeated breaches of US court systems, including a 2023 attack on the PACER system allegedly by Russian hackers. Interpol Arrests 34 Linked to Nigerian ‘Black Axe’ Cybercrime Syndicate Interpol detained 34 individuals in Spain, including 10 core members of the Nigeria-based Black Axe gang, known for cyber fraud, human trafficking, and armed robbery. With an estimated 30,000 members and countless affiliates, the arrests mark the group’s third major bust in recent years, following 75 arrests in 2022 and 14 in 2023. US Bill Targets ICE’s Surveillance App Over Civil Liberties Concerns A new bill, led by Rep. Bennie Thompson (D-MS), seeks to restrict ICE’s Mobile Fortify app used to identify suspects and protesters exclusively to US ports of entry. The legislation would also ban DHS from sharing the app externally, require its deactivation on non-government devices, and mandate the deletion of biometric data collected from US citizens. Critics argue the app enables overreach and privacy violations, with ICE also deploying license plate readers for broader surveillance.