Hacking group claims to have cracked NASA drone
- By Zach Noble
- Feb 01, 2016
A hacker group said it took control of a NASA drone and stole data from its system, but the space agency is denying the claims.
On Jan. 31, the hacking group AnonSec published some 250 GB of data and a 300-page "zine" detailing its alleged months-long exploitation of NASA systems and its attempt to crash a multimillion-dollar Global Hawk drone into the Pacific Ocean.
"Several members were in disagreement on this because if it worked, we would be labeled terrorists for possibly crashing a $222.7 million U.S. drone," the hackers wrote. "But we continued anyways."
According to the hackers, it was only after they attempted to send a Global Hawk on a suicide run over the ocean that NASA caught on and booted them out.
NASA denied AnonSec's hacking claim altogether.
"Control of our global hawk aircraft was not compromised," the agency told FCW in a statement.
AnonSec also claimed to have captured hundreds of flight videos and thousands of flight logs, as well as phone numbers and email addresses for 2,414 NASA employees.
NASA did not address these details specifically, but said that this information could have been public.
"NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data," the statement said. "NASA takes cybersecurity very seriously and will continue to fully investigate all of these allegations."
Paul Martin, NASA's inspector general, has warned in the past that NASA's broad attack surface presents a juicy target for all types of hackers, from script kiddies to state-sponsored actors.
"This is still at the claims level," said James Scott, co-founder of the Institute for Critical Infrastructure Technology. "It may be difficult for security experts to corroborate or disprove the hacktivists' claims because the group claims to have deleted indicators of their presence on the network."
Scott, who helped write the book on hacking groups, said NASA ought to have tough defenses.
"It's hard to believe that NASA hasn't made use of a virtually unlimited budget to allocate funds to create the most technologically sophisticated cyber-barricade around their techno-infrastructure," Scott said, adding that conducting ongoing penetration testing, tracking user behavior analytics and changing default passwords could have helped thwart the assault, if it really occurred.
AnonSec claimed it gained access to NASA systems by purchasing a foothold from another actor. It's unclear how that actor gained the alleged foothold in the first place.
AnonSec credited a lack of monitoring and the fact that a privileged-user account still relied on default credentials for its ability to expand through NASA systems, eventually gaining access to drone logs and realizing it could upload new courses for drones.
The zine heaped derision on NASA's IT posture -- "They have many [Windows] XP and unpatched Ubuntu servers" -- but also noted that NASA isn't unique.
The conspiracy theory site Infowars first picked up coverage of the incident. The zine and files were made available on document and media dump sites such as Pastebin, though moderators had taken down at least one posting on Feb. 1.
This article was updated Feb. 2 to include a statement from NASA.
Zach Noble is a former FCW staff writer.