Hacking to Force Stronger Security

Friday, May 11, 2012 @ 10:05 AM gHale


NASA and the European Space Agency (ESA) were the victims of a hack attack from a group called The Unknowns.

The Unknowns said their goal was to force the organizations to patch their systems. The group said they hacked into 10 organizations around the world, gaining administrator access for all and leaking data for some. In addition to revealing how to access the computer systems of the organizations in question, The Unknowns also posted screenshots showing they gained accessed to each and every one.

RELATED STORIES
ICSJWG: SCADA Systems Beware
Hacked Sites Load up for Android
Beware: TigerBot can Control Android
Cyber Report: Attacks on Rise

The group even put together 250MB worth of military documents from their hacks and uploaded the collection to MediaFire. Some of the leaked documents were several years old, but there were also a few from earlier this year.

The Unknowns listed 10 websites and posted administrator accounts and passwords: NASA – Glenn Research Center; U.S. military; U.S. Air Force; European Space Agency; Thai Royal Navy; Harvard University; Renault; French ministry of Defense; Bahrain Ministry of Defense and Jordanian Yellow Pages.

For the NASA hack, the group also decided to leak one of the research center’s databases. They released names, employers, home addresses, and email addresses of 736 victims on Pastebin. ESA is the other organization for which they also leaked more data, also via Pastebin. NASA and ESA confirmed the attacks.

“NASA security officials detected an intrusion into the site on April 20 and took it offline,” a NASA spokesperson said. “The agency takes the issue of IT security very seriously and at no point was sensitive or controlled information compromised. NASA has made significant progress to better protect the agency’s IT systems and is in the process of mitigating any remaining vulnerabilities that could allow intrusions in the future.”

“The group used SQL injection… The use of SQL injection is an admitted vulnerability,” said ESA security office manager Stefano Zatti. “This needs to be addressed at a coding level.”

In their original message, the group said the goal of their attacks is to improve the state of online security around the globe.



Leave a Reply

You must be logged in to post a comment.