NASA and the European Space Agency have confirmed they both suffered network intrusions which correspond with claims a hacker group made in a Pastebin posting.
The group, which identifies itself as "The Unknowns", says it had gained access to the systems of multiple government, military, and private organizations which included NASA's and the ESA.
NASA has since acknowledged they detected a network intrusion event at the agency's Glenn Research Center.
“NASA security officials detected an intrusion into the site on April 20 and took it offline. The agency takes the issue of IT security very seriously and at no point was sensitive or controlled information compromised. NASA has made significant progress to better protect the agency’s IT systems and is in the process of mitigating any remaining vulnerabilities that could allow intrusions in the future,” ZDnet had reported a NASA spokesperson as stating.
The hacker apparently exploited a common vulnerability that is avoidable with proper secure coding techniques, according to an ESA security official.
“The group used SQL injection… The use of SQL injection is an admitted vulnerability. This needs to be addressed at a coding level,” the official told ZDNet UK.
The group originally claimed to have breached ten organizations, subsequently posting administrative account login information as well as releasing the personal information of employees from some of the targets.
The hackers also posted screenshots of their intrusions and what was characterized as military files for access on MediaFire in an effort to support their claims.
ZDnet's Emil Protalinski reported that the group may have been posting old data previously breached in an effort to gain a following, and that there may be little truth to their claims of new breaches.
"I’m hearing that The Unknowns may be trying to use an old hack to gain Twitter followers. Some of the leaked documents are indeed several years old, but there are also a few from earlier in 2012," Protalinski wrote.
The confirmation of network intrusions by NASA and the ESA has laid that rumor to rest. Other targets of the hacker group include:
- US military
- US AIR FORCE
- Thai Royal Navy
- Renault Company
- French ministry of Defense
- Bahrain Ministry of Defense
- Jordanian Yellow Pages
The original claims made by the The Unknowns were made in a Pastebin post which included the following statement:
"Victims, we have released some of your documents and data, we probably harmed you a bit but that's not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two, the vulnerabilties we found will be patched and that's what we're actually looking for. We're ready to give you full info on how we penetrated threw your databases and we're ready to do this any time so just contact us, we will be looking forward for this."
Another Pastebin message posted by the group attempts to explain their motivations for the attacks and attempts to distance their actions from those of other rogue groups like Anonymous:
"We are a new hacker group, we have never been in any hacking team before. We are not Anonymous Version 2 and we are not against the US Government. We can't call ourselves White Hat Hackers but we're not Black Hat Hackers either..."
"Now, we decided to hack these sites for a reason... These Websites are important, we understand that we harmed the victims and we're sorry for that - we're soon going to email them all the information they need to know about the penetrations we did. We still think that what we did helped them, because right now they know that their Security is weak and that it should be fixed."
"We wanted to gain the trust of others, people now trust us, we're getting lots of emails from people we never knew, asking us to check their website's security and that's what we want to do. Our goal was never to harm anyone, we want to make this whole internet world more secured because, simply, it's not at all and we want to help."
We don't want revolutions, we don't want chaos, we just want to protect the people out there. Websites are not secured, people are not secured, computers are not secured, nothing is... We're here to help and we're asking nothing in exchange.
"And now, we are happy to inform you that most of the links we used to penetrate threw the databases, have been patched. This is exactly what we where looking for. This is what we want. For all our supporters out there; Thank you, help us to spread the word, help us to make this internet world more secured."
Needless to say, it is likely similar intrusions will be made by the group in the future.