By Michael Santo
Contributing Writer, RealTechNews

From past experience with people leaving companies, as soon as they leave, perhaps even before they leave the building, their accounts are deactivated. Makes sense for security reasons, especially with many people being able to access work email as well as work servers via VPN. It doesn’t look like the military seems to feel the same way, however, as a security audit found thousands of accounts were either unauthorized (meaning they had been assigned inappropriate or unnecessary permissions) or abandoned.

An ongoing audit of user accounts in the armed services has uncovered an epidemic of expired and unauthorized accounts, including 3,000 in DISA (Defense Information Systems Agency), 1,500 in the U.S. Army’s Korean operation, and thousands more spread throughout the military services.

The weak account management, in addition to slow patch distribution, could be exploited by hackers to gain access to military systems, and has prompted a wholesale review of the military’s IT infrastructure, according to Lt. Gen. Charles Croom Jr.

Croom declined to comment on how many of the accounts were unauthorized or malicious in origin. Source: eWeek

We Say: OK, I won’t use the old joke about military and intelligence, though it is tempting … seriously though, I can understand how slowly patches are applied … it took months for our IT department to allow us to install XP SP2 (though as developers we had to install it to test our software against it) … but as far as the abandoned and unauthorized accounts … well, all I can say is I’m glad they are doing an audit and trying to clean up their act. It’s worrisome, however, that according to the full article there are signs some of the unauthorized accounts were being used by outsiders. Let’s face it, there are simply too many smart people out there to leave things like this wide-open.