Was the NASA Hack Real and What It Has Taught Us

Like everyone, hackers are looking for their moment of glory. Perhaps, this explains their constant interest in the well-known and big names: CIA, Pentagon, White House… And not so long ago the NASA’s turn has come. Apparently, not for the first time.

The group of hackers AnonSec, which includes representatives of different countries, states that the hack occurred as far back as spring 2015. But they’ve managed to get this information across general public network only last February.

If to believe hackers, the NASA server had been infected with the Trojan virus Gozi since 2013. AnonSec simply bought the access rights from the virus developers. The authentication security of the server turned out to be so weak that the brute force password cracking software found the first combination to get root-access in 0.32 seconds.

NASA hack

It must be noted that the AnonSec is a fairly widespread category of ideological hackers rather than regular cyber-crooks who hack different resources just to earn some money.

In particular, the purpose for hacking NASA servers was to obtain information on the weather control projects. According to the hackers, these projects are actively supported by the US government. The problem is that such experiments can do a great harm to the health of people in the entire region and affecting the quality of crops. This is due to the fact that in the conditions of the climate changes some native plants start growing poorly. Thus, the farmers are forced to use genetically modified seeds. And the negative influence of the genetically modified plants on the health has been proven long ago.

Although previously NASA actually worked on the development of the climate change programs, the AnonSec hackers failed to find any evidence that it’s being done now.

But en route, the hackers got access to the control over an intelligence drone Global Hawk. In this case, a drone is not a small amateur toy to play with. It is a large aircraft able to carry out flights all day long. Such a toy costs more than $220 million.

However, the data protection at the Global Hawk appeared to be not up to par. The hackers nearly drowned the drone in the Pacific Ocean, but having noticed the change of the course an engineer of the flight control center switched the drone into manual control and thus prevented an accident.

NASA drone hack

AnonSec team seeded a 276 GB Torrent archive that includes hundreds of videos from the UAV and weather radars, more than 2 thousand logbooks, real names, and email addresses and phone numbers of about 2.5 thousand NASA’s employees.

Although the incident occurred about a year ago, the agency has not provided any official confirmation on it: large security-guarded organizations do not like to admit their mistakes.

Moreover, the mass media, which the hackers addressed in order to spread information about hacking the NASA’s holy of holies, refused to publish it. Just last February the InfoWars published a report by the AnonSec.

Only after these publications broke out in the network, NASA started responding. But, of course, it has not confirmed their servers have been hacked. According to the official commentary, it was the NASA’s choice to put all the above-mentioned data for public access. They even provided the addresses of the sources the data had been taken from.

Although the agency has not acknowledged the drone hacking, just a few days later it eliminated the vulnerability the hackers used to enter the system. According to AnonSec, the hackers failed to follow a beaten path the second time.

So was NASA really hacked or not? In any case, this information is a good occasion to think about the importance of data protection in the digital environment.

Which data protection means can prevent such incidents? First of all, it is a reliable authentication protection. Since, according to the hackers, NASA was hacked via the administrator account.

The possibilities offered by a modern two-factor authentication can completely prevent unauthorized access to any device or account. 2FA is not only about one-time passwords, but a full package of measures and means that make the authentication of the client much more reliable. For more accurate authentication, we recommend using the CWYS (Confirm What You See) function, smart identification, and the hardware OTP tokens. Strengthened by these elements, 2-factor authentication provides a high level of information security.

Keep in mind that data protection is never superfluous. As mentioned above, no one is immune from hacking neither the CIA Director nor NASA.

Pictures by www.nasa.gov, www.space.com, sputniknews.com

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Author: Anna

If you have any questions about two-factor authentication and Protectimus products, ask Anna, and you will get an expert answer. She knows everything about one-time passwords, OTP tokens, 2FA applications, OATH algorithms, how two-factor authentication works, and what it protects against. Anna will explain the difference between TOTP, HOTP, and OCRA, help you choose a token for Azure MFA, and tell you how to set up two-factor authentication for Windows or Active Directory. Over the years with Protectimus, Anna has become an expert in cybersecurity and knows all about the Protectimus 2FA solution, so she will advise on any issue. Please, ask your questions in the comments.

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from Protectimus blog.

You have successfully subscribed!

Share This