A hacking collective called AnonSec has been hacking NASA for around two years and has now dumped a treasure trove of stolen information on the Internet. The data dump, which the hackers originally attempted to release via Wikileaks, has instead been leaked to the internet via the hacking outfit’s Facebook page and the conspiracy-heavy website Infowars. It would appear that Wikileaks was not comfortable, for some reason, with the public’s need to consume the data contained within the leak
The massive 275gb data dump contains the names, email addresses, and phone numbers of 2,414 Nasa employees. 631 videos recorded from NASA aircrafts and weather radars, and 2,143 flight logs. According to Infowars (known for its outlandish claims, exaggerations and outright bending of the truth to impart conspiracy on its subscribers), the data dump allegedly contains smoking gun information about NASA’s involvement in weather modification programs that include spraying chemicals from planes.
The data dump itself comes with a ‘zine’ from the hacking collective, which explains the details of the hack that commenced back in 2013. According to that ‘zine’, the penetration began with AnonSec purchasing entry from a different hacker who had already gained a foothold using a Gozi virus. With a foot now in the door, AnonSec engaged in a brute force attack on NASA’s server – gaining access in 0.32 seconds – due to the feeble nature of the chosen password.
In the two years since that initial penetration, the hackers have successfully maintained their access to the NASA server, using it as a springboard to go deeper into the space agency’s systems. At one stage the hackers gained access to three Network Attached Storage devices that were used to store flight plans for drone missions. Once those devices had been rooted, members of the hacking collective stole a number of files from the hard drive – data that is amongst the leak now in circulation.
Finally, it would appear the hackers gained entry to NASA’s CCTV cameras at the Glenn Research Center, Goddard Space Flight Center, and Dryden Flight Research Center – stealing a lot of footage in the process. Also amongst the stolen data, are videos that were recorded from inside Global Hawk drones performing regular missions including one called Operation Ice Bridge (polar ice research mission).
Perhaps the most controversial aspect of the hack (and perhaps the reason that Wikileaks decided not to involve itself in this particular dataset) is the admission that AnonSec attempted to crash one of NASA’s $222.7 million Global Hawk drones into the Pacific ocean. This was attempted via a simple man in the middle attack, which involved changing the Global Hawk’s original flight plan to one directing the drone to go and swim with the fishes.
Luckily for NASA, an engineer working at Ground Control on the day noticed the drone’s unexpected behavior and decided to take manual control of the expensive flying machine. Suddenly alerted to the infiltrators, NASA took active steps to shore up its systems and eject AnonSec from the server it had been stalking for two years.
AnonSec explains in its ‘zine’ that there was a lot of disagreement among members of the hacking collective as to whether or not the NASA drone should be taken out,
‘Several members were in disagreement on this because if it worked, we would be labeled terrorists for possibly crashing a $222.7m US drone… but we continued anyways lol,’ says the hackers literature.
It remains to be seen if anything that was taken from NASA does contain information about dangerous geoengineering projects that have been wrongly hidden from the public. What the data dump does demonstrate, however, is that even important tech-savvy organizations need to spend a lot of time (and care) shoring up their systems if they are not going to be vulnerable to costly penetrations at the hands of cyber criminals.
‘Nasa has been breached more times than most people can honestly remember… However, this hack into Nasa wasn’t initially focused on drone’s data and upper atmosphere chemical samples. In fact the original breach into Nasa systems wasn’t even planned, it was caught up in a Gozi virus spread,’ comments AnonSec in the explanatory literature that comes with the data dump,
‘People might find this lack of security surprising, but it’s pretty standard from our experience. Once you get past the main lines of defense, it’s pretty much smooth sailing propagating through a network as long as you can maintain access.’