Back to Home

Hackers nobly treated NASA

hackers · un · nasa

Hackers nobly treated NASA

    As a rule, when it becomes known that an attacker exploited a vulnerability on a site, the publication of “merged” materials almost always follows. Many people remember the series of attacks by anonymous hackers on the websites of a number of serious organizations and, as a result, the publication of private data of employees or customers (as happened with StratFor or with visitors to neo-Nazi websites, although in this case it can be argued). As a recent example of this statement, one can point to a serious security incident of the United Nations website when a group of hackers, calling themselves Casi, published on PasteBin a record with SQL injection logs of Blind at www.un.organd carefully packed the stolen data into an archive that all the curious could download within a few days.

    However, there are hackers who justify the name in its original, non-computer crime sense.

    Members of the TeamHav0k r00tw0rm and inj3ct0r group, after SQL injection on one of the NASA domains, were able to receive more than 6 GB of various private information (logins, passwords, email addresses), which was notified to the public by publishing an entry on PasteBinwith some of the stolen data. At the same time, the motive described by the hacktivists in the accompanying text is curious: they argue that completely compromised data will not be published by them, and the NASA leadership should be more careful about the security of their servers, and as evidence of the deplorable nature of their secure state and the team serving them (hacker advice, what should be done with it, frankly, not printed), the partially fused base should serve just as well.

    It is noteworthy that such a high-tech organization like NASA is not the first time exposed to incidents with the security of its data. More recently, a number of domains lance.nasa.gov, gaia.esa.int, earth.eo.esa.int, xmm.vilspa.esa.es and earthdata.nasa.gov were discovered XSS vulnerabilities, but, nevertheless, NASA executives, judging by the speed of their reaction, are not too concerned about potential security breaches of their web resources.

    Read Next