Activist hacker group AnonSec has released a large trove of data it says was stolen from NASA servers, and detailed the way in which it nearly crashed a $222 million (£154m) Global Hawk drone into the Pacific Ocean.
The 250GB data cache includes the names, email addresses and telephone numbers of more than 2,400 NASA employees, more than 2,100 flight logs and 631 videos drawn from NASA aircraft and radar feeds.
The data theft and drone access took place over a period of several months, beginning in 2013, according to a report AnonSec released along with the data cache detailing its activities.
The group claims it first obtained access to NASA’s systems when it purchased a user login from a third-party hacker in 2013. The group found that administrator credentials for remotely controlling computers and servers had been left at default, allowing it to install a packet sniffer which in turn gathered more login data.
“People might find this lack of security surprising but it’s pretty standard from our experience,” AnonSec said in the report. “Once you get past the main lines of defence, it’s pretty much smooth sailing propagating through a network as long as you can maintain access.”
Gaining access to storage units at the Glenn Research Centre in Ohio, the Goddard Space Flight Centre in Maryland and the Dryden Flight Research Centre (now the Neil A. Armstrong Flight Research Centre) in California, AnonSec found that they contained pre-planned flight routes for drones, and uploaded an altered route intended to crash a drone into the Pacific.
“Several members were in disagreement on this because if it worked, we would be labelled terrorists for possibly crashing a $222.7m US drone… but we continued anyways lol,” the group said in the report.
The drone followed the altered route until the deviation was noticed by NASA controllers, who manually corrected the flight path, according to AnonSec. At this point NASA became aware of the security intrusion and cut off AnonSec’s access by changing passwords and patching vulnerabilities, the group said.
AnonSec claims it initially hacked NASA’s systems in the hope of discovering information about the agency’s alleged involvement in climate engineering methods, such as cloud seeding, that the group believes are harmful to human health.
The group, which is affiliated with the Anonymous hacker collective, claimed in 2014 that it had hacked an NSA drone and has claimed responsibility for hacking government systems in Israel, Indonesia and Turkey.
NASA did not immediately respond to a request for comment.
Last year British-Finnish activist Lauri Love was charged with hacking into NASA and other US federal agencies, with US authorities requesting his deportation. Others accused of hacking NASA include Gary McKinnon, a Scottish systems administrator, whose lengthy extradition proceedings to the US were finally withdrawn in 2012.
Like AnonSec, McKinnon claimed he had accessed NASA’s systems in order to search for secret records, in his case relating to UFOs and concealed alternative energy sources.
Are you a security pro? Try our quiz!
Google parent Alphabet sees market capitalisation surge over $2tn on plan to over first-ever cash…
Google asks Virginia federal court to dismiss case brought by US Justice Department and eight…
Snapchat parent Snap reports user growth, revenues in spite of tough competition, in what may…
Intel shares sag after company shares gloomy revenue predictions, as data centre chip demand hit…
Germany's Tuta Mail says Google broke EU's new DMA rules with March algorithm update that…
US auto safety regulator opens new investigation into adequacy of Tesla Autopilot recall, saying it…
View Comments
“Several members were in disagreement on this because if it worked, we would be labelled terrorists for possibly crashing a $222.7m US drone… but we continued anyways lol,”
With the stated intention to crash the drone, there is a terrorist element within AnonSec. Maybe those who don't want to be terrorists might roll on those who are. LOL.