AnonSec Hackers Allegedly Breach NASA

A huge data dump has been released by hacker group AnonSec following several months of a prolonged hacking endeavor which also saw the group attempt to bring down a $222 million drone into the Pacific ocean, allegedly.

The 250 GB data dump purportedly contained names, phone numbers and email addresses of nearly 2,500 NASA employees. Additionally, 2,143 flight logs along with 631 videos were taken from radar feeds and NASA-owned aircraft, according to a report.

The dump also contained a ‘zine’, or a self-published paper from the hacker group that detailed the vulnerabilities which the hackers were able to poke holes through.

“This hack into NASA wasn’t initially focused on drone data and upper atmosphere chemical samples. In fact the original breach into NASA systems wasn’t even planned, it was caught up in a Gozi virus spread,” AnonSec said.

After purchasing our initial foothold, we were just seeing how many machines we could break into, root and possibly find interesting/profitable data.

The ‘zine’ had AnonSec explaining that it had purchased an “initial foothold” from a hacker with extensive knowledge of NASA’s servers in 2013. Once acquired, the group then proceeded to experiment to see how many computers they could break into. Among other things, the hacker group discovered that the admin credentials required for NASA computers and servers were amazingly left at default. This enabled the hackers to infiltrate the network in no time and ascertain even more login credentials by using a hidden packet sniffer.

The infiltration lasted several months and the hacker group continued to terrain NASA’s internal network. The hackers were able to ascertain a plethora of public and private missions. They were also able to map airbases and aircraft along with video footage pertaining to Global Hawk drones. A polar research mission called Operation Ice Bridge from 2012-13 was also looked into.

The hackers even managed to infiltrate several research centers and a space flight center to gain admin root access to three network-attached (NAS) devices that were used to compile backups of aircraft flight logs. When the hackers stumbled upon the NAS drives, they were able to deduce that the data looked into contained pre-planned route files for NASA’s $222 million Global Hawk drone. Whenever a drone mission took flight, NASA’s drone operators were uploading specific flight paths to the tapped NAS drives. The hackers now had the means to replace the route files for the drones, rendering it to deviate from its preset flight paths.

Amazingly, the hacker group even tried to crash the drone into the Pacific Ocean. However, the hackers allege that drone operators in NASA’s ground control caught wind of the fact that the drone deviated from its original path. The operators were able to save the drone from hitting the Pacific by manually taking over the controls, according to AnonSec.

Image credit: NASA.