Miscreants took advantage of weak security to hack into two NASA-run websites over the weekend.

The websites of NASA's Instrument Systems and Technology unit and Software Engineering division were broken into and screenshots illustrating the hack posted online. Hackers appear to have taken advantage of SQL Injection flaws and poor access controls in mounting the attack, reports Gunter Ollmann, an ex-IBM security expert who is now VP of Research at security firm Damballa.

Obfuscated screenshots from the hack were subsequently posted onto a full disclosure mailing list (here).

The motives and perpetrators of the attack remain unclear at the time of writing. Messing around with sites run by the space agency is a risky business for hackers, as Gary McKinnon and others have discovered, though whether anything will happen over the latest break-in is unclear. ®

Related stories

• Obama banks on NASA's big launcher (18 December 2009)
• TJX hacker mulls Asperger's defense (16 December 2009)
• US Congress seeks control over NASA moonshot (11 December 2009)
• NASA hacker Tenenbaum agrees to US extradition (1 May 2009)
• US Navy hacker avoids Romanian jail (11 November 2008)
• Spanish police cuff web defacement crew (19 May 2008)
• NASA hacker jailed (28 June 2005)
• Update: Teen hacker charged with Nasa attacks (14 March 2001)