Hacker group AnonSec claims it briefly altered the flight path of a £154m Global Hawk drone with the intent of crashing it
Activist hacker group AnonSec has released a large trove of data it says was stolen from NASA servers, and detailed the way in which it nearly crashed a $222 million (£154m) Global Hawk drone into the Pacific Ocean.
The 250GB data cache includes the names, email addresses and telephone numbers of more than 2,400 NASA employees, more than 2,100 flight logs and 631 videos drawn from NASA aircraft and radar feeds.
In some videos, drones are seen taking off from a runway, while others show large bodies of ice (pictured) allegedly filmed during polar research missions in 2012 and 2013. The cache also includes flight logs indicating aircraft models, GPS coordinates and sensor readings.
The data theft and drone access took place over a period of several months, beginning in 2013, according to a report AnonSec released along with the data cache detailing its activities.
The group claims it first obtained access to NASA’s systems when it purchased a user login from a third-party hacker in 2013. The group found that administrator credentials for remotely controlling computers and servers had been left at default, allowing it to install a packet sniffer which in turn gathered more login data.
“People might find this lack of security surprising but it’s pretty standard from our experience,” AnonSec said in the report. “Once you get past the main lines of defence, it’s pretty much smooth sailing propagating through a network as long as you can maintain access.”
Drone flight plans
Gaining access to storage units at the Glenn Research Centre in Ohio, the Goddard Space Flight Centre in Maryland and the Dryden Flight Research Centre (now the Neil A. Armstrong Flight Research Centre) in California, AnonSec found that they contained pre-planned flight routes for drones, and uploaded an altered route intended to crash a drone into the Pacific.
“Several members were in disagreement on this because if it worked, we would be labelled terrorists for possibly crashing a $222.7m US drone… but we continued anyways lol,” the group said in the report.
The drone followed the altered route until the deviation was noticed by NASA controllers, who manually corrected the flight path, according to AnonSec. At this point NASA became aware of the security intrusion and cut off AnonSec’s access by changing passwords and patching vulnerabilities, the group said.
AnonSec claims it initially hacked NASA’s systems in the hope of discovering information about the agency’s alleged involvement in climate engineering methods, such as cloud seeding, that the group believes are harmful to human health.
The group, which is affiliated with the Anonymous hacker collective, claimed in 2014 that it had hacked an NSA drone and has claimed responsibility for hacking government systems in Israel, Indonesia and Turkey.
NASA did not immediately respond to a request for comment.
Last year British-Finnish activist Lauri Love was charged with hacking into NASA and other US federal agencies, with US authorities requesting his deportation. Others accused of hacking NASA include Gary McKinnon, a Scottish systems administrator, whose lengthy extradition proceedings to the US were finally withdrawn in 2012.
Like AnonSec, McKinnon claimed he had accessed NASA’s systems in order to search for secret records, in his case relating to UFOs and concealed alternative energy sources.
Are you a security pro? Try our quiz!