Hackers claim to have hacked NASA, hijacked one of its drones
AnonSec hackers claim that they have breached a number of NASA’s systems, and they have published a data trove containing video recordings made by the agency’s aircraft and drones, drone flight logs, and the names, email addresses and telephone numbers of some 2,400 agency employees.
They apparently attempted to interest The Guardian and WikiLeaks in analyzing the stolen information and publishing the results, but after receiving no answer, they decided to do it themselves by torrenting the dump.
The leak was accompanied by an extensive document describing the things they had to do to compromise NASA’s systems (attacks and exploits) and the extent of the compromise.
They claim to have bought their way into the network from another hacker who had gotten the Gozi virus into one of NASA’s systems, and then, over time, managed to move laterally within the networks and to compromise three NAS (Network Attached Storage) devices. The intrusion dates back to 2013, they say.
They breached the networks of the agency’s Glenn Research Center, Goddard Space Flight Center, and Dryden Flight Research Center.
They also attempted and apparently succeeded in taking temporary (“semi-partial”) control of one of NASA’s Global Hawk drones:
“After countless months of successfully retrieving NASA Drone logs automatically, we noticed some weird traffic. Every time the GlobalHawks would return to base for maintenance and uploading data/recordings… a single .gpx file was POST/pushed sometimes to them. Which meant the GlobalHawks didn't only receive live directions from pilots via SatComs, but also had a pre-planned route option that could be uploaded to it before takeoff (probably for automated flights and as a backup if pilots SatCom connection fails)… and over FUCKING WLAN!!!” they wrote.
“So we decided to do something much more sinister… we created our own .gpx file and set up a MitM to replace their file with our own. Several members were in disagreement on this because if it worked, we would be labelled terrorists for possibly crashing a $222.7 million US Drone… but we continued anyways lol.”
“Whether it was the high amount of traffic sending drone logs across their compromised network or the attempted crashing of a GlobalHawk that caused them to FINALLY inspect their networks, we don't know. But it went down for a while soon after,” they shared.
“When they came back up several days later, we had completely lost access. Not only were we no longer receiving rsync backups over SSH. They also had removed ALL our .php & .aspx backdoors and changed pretty much every single login credential, from ftp to http.”
The ultimate goal of the hackers was to find evidence that NASA was involved in “Chemtrails/CloudSeeding/Geoengineering/Weather Modification,” but apparently they found none.