Hackers mirror 250GB of NASA files on the web
Space agency says docs are public anyway – and miscreants didn't hijack $200m drone
Updated Hackers have released online 250GB of data they claim they purloined from NASA systems.
"So yeah, we know what you're thinking, hacking NASA? How fucking cliche... If only I had a Dogecoin for every time someone claimed that, amiright?" the group wrote in an online posting.
"It's like the boy who cried wolf but with hacking NASA instead lol. But you might be surprised how low govt security standards can be, especially with a limited budget and clueless boomers controlling the network."
The swiped records include the names, phone numbers, and email addresses of 2,414 NASA staffers, as well as more than 2,000 flight logs and 600 video feeds from the agency's fleet of aircraft. The hacker team, calling itself Anonsec, dumped the data on the web with an explanation of how the hack took place.
NASA makes the vast majority of its research and material public, so it's not clear if the 250GB collection is anything more than publicly available information or information not worth publishing. Still, if miscreants were able to penetrate the space agency's systems, that's embarrassing.
Anonsec said it didn't perform the initial intrusion into NASA, the group claims, but bought access to an agency computer from another hacker. It was only a user account, but the group mapped out what they could of the network and set to work.
The acquired user account turned out to be running on a fully patched version of Debian, but the group did some digging and was able to get access to other machines on the network, several of which had unpatched flaws.
Access was made easier by poor password security, it's claimed. In a scan for accounts using the login and password "root," the first positive hit came up within 0.32 seconds, and linking these enabled them to build a network map of NASA subsystems.
Using these techniques, the team managed to get network access to NASA's Glenn Research Center, Goddard Space Flight Center, and Dryden Flight Research Center networks. They then concentrated on finding aircraft data, since one of the key purposes of the hack was to find out more about NASA's cloud seeding research.
"One of the main purposes of the Operation was to bring awareness to the reality of Chemtrails/CloudSeeding/Geoengineering/Weather Modification, whatever you want to call it, they all represent the same thing. NASA even has several missions dedicated to studying Aerosols and their affects (sic) on the environment and weather, so we targeted their systems," the group states.
While cloud seeding to produce rainfall or other desired conditions has been researched by NASA, and has been used heavily by the Chinese for years now, the group believes that the US government is distributing heavy metals throughout the atmosphere and that these chemicals have an adverse reaction on human health and crops.
"Since organic plants (non-GMO) can't grow in harsh environments like GMOs they are forced to use Monsanto's seeds," the group said.
"However they are Terminator Seeds, which means they don't reproduce any usable seeds for the farmer, they have to keep buying more. So no more independent farmers and Monsanto controls a majority of the food supply through the farmers."
NASA is looking at the effect of cloud seeding in the upper atmosphere, but sadly – for the hackers – there was no smoking gun suggesting the agency is engaged in an active conspiracy.
In addition, the group claims to have directed a $200m NASA Global Hawk drone while it was on a flight over the Pacific. The drone is used for high-altitude testing and long duration flights (it can stay aloft for 24 hours at a time), but the group says its security is lousy.
When they examined how the Global Hawk IT systems were run, they found out that NASA was uploading a backup flight plan into the aircraft using a .gpx file. So the team crafted their own and uploaded it to the drone with the intent of crashing the aircraft into the sea.
But as soon as the drone left its predetermined flight plan, it's claimed, NASA controllers noticed something was wrong and took manual control. Shortly afterwards, the hackers were locked out of the system after a network security overhaul that, they say, was down to the hack being discovered.
NASA hasn't responded to requests for information on the hacking attack, but the leaked contact details seen by The Register are accurate. ®
Updated to add
"Control of our global hawk aircraft was not compromised," a spokesperson for NASA said in a statement.
"NASA strives to make our scientific data publicly available, including large data sets, which seems to be how the information in question was retrieved."
Sponsored: 2016 Cyberthreat defense report