NASA Denies Iranian Hacker's SSL Certificate Breach Claims

Tuesday, May 29, 2012



NASA officials have denied that the agency's systems were breached by an Iranian hacker group identified as the "Cyber Warriors Team."

The group had claimed to have compromised a digital SSL certificate issued to the Research and Education Support Services division of the space agency after having coded an HTTPS protocol scanner to find weaknesses in the website.

Digital certificates are used by internet browsers to recognize legitimate websites and protect surfers from inadvertently exposing themselves to malware, phishing scams, impostors and spoofed landing sites.

The hackers had asserted their claim in a broken-English Pastebin posting last week which stated:

"This message is not Warning . This is fact Of Hack SSL certificate From Iranian Hackers. I explain for You The details.Full details and more,we Send for NASA ( With Images and data source). We succeeded To write ( programming ) a https Protocol Scanner under DOS Service ( Sent the sources used ).One of the reasons The Problem ,Problem was in installing the SSL Service. We were exploring and use  Of You Holes in https Protocol."

NASA says they are continuing to investigate the legitimacy of the claims, but have so far determined that the agency's systems were not compromised.

"Although the investigation is ongoing, all results thus far indicate that the claims are false... At no point were any sensitive, mission, or classified systems compromised," NASA spokeswoman Beth Dickey said.

NASA's denial of the breach is consistent with analysis presented by Kaspersky's Kurt Baumgartner last week.

"At this point, the related Pastebin post maintains crazy talk and nothing of substance, unless NASA confirms otherwise," said Baumgartner.

Previously, a group which identifies itself as "The Unknowns" said it had gained access to the systems of multiple government, military, and private organizations, including NASA and the ESA.

NASA subsequently acknowledged they detected a network intrusion event at the agency's Glenn Research Center.

“NASA security officials detected an intrusion into the site on April 20 and took it offline. The agency takes the issue of IT security very seriously and at no point was sensitive or controlled information compromised. NASA has made significant progress to better protect the agency’s IT systems and is in the process of mitigating any remaining vulnerabilities that could allow intrusions in the future,” ZDNet had reported a NASA spokesperson as stating.

The hackers apparently exploited a common vulnerability that is avoidable with proper secure coding techniques, according to an ESA security official.

“The group used SQL injection… The use of SQL injection is an admitted vulnerability. This needs to be addressed at a coding level,” the official told ZDNet UK.

The group originally claimed to have breached ten organizations, subsequently posting administrative account login information as well as releasing the personal information of employees from some of the targets.

The hackers also posted screenshots of their intrusions, along with what were characterized as military files, on MediaFire in an effort to support their claims.

Another Pastebin message posted by the group attempts to explain their motivations for the attacks and attempts to distance their actions from those of other rogue groups like Anonymous.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.