Hacking group AnonSec claims to have breached NASA's network and to have temporarily gained partial control of a NASA Global Hawk drone. The group says that two years ago it bought access to a NASA server from an individual identified as "Ghosts" (鬼佬) and, after months of network reconnaissance, managed to upload a .GPX file containing a pre-planned flight path -- for autopilot and connection failover -- to a NASA drone. The group speculates that its attempt to crash the drone failed because of pilot intervention.
To support its claim, AnonSec says it has posted 250GB of data exfiltrated from NASA servers.
Allard Beutel, acting director of NASA's news and multimedia division, in an email denied the group's assertions about the drone, and said the alleged breach is being investigated.
"Control of our Global Hawk aircraft was not compromised," said Beutel. "NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data. NASA takes cybersecurity very seriously and will continue to fully investigate all of these allegations."
Beutel added that NASA makes its scientific data publicly available, and that appears to be how the posted data was retrieved.
AnonSec acknowledges that at least some of the data posted is public, but the group claims it "wanted access to the raw data, straight from the backend servers, to see if they [NASA] were not publishing some of the data or possibly tampering with the data."
The group says one of the reasons it undertook its supposed infiltration was to bring awareness to government weather engineering research, which it considers sinister and related to efforts to promote corporate agribusiness and genetically modified organisms. The group stops short of proposing a specific conspiracy theory, noting that possible motives for geo-engineering range from "logical" to "a bit of a stretch."
NASA's claim that AnonSec posted purely public data also appears to be a bit of a stretch. For example, the hacking group posted a text dump of contract details for 2,414 NASA employees. NASA does offer an online directory but only to authorized NASA personnel. While it's plausible that AnonSec could have scraped websites for email addresses and phone numbers in order to present them as purloined data, a hack seems more likely, particularly in light of other details provided, like the use of weak passwords.
AnonSec claims to have identified several Ubuntu 3.8.0-29 systems on NASA's network that were vulnerable to a local root exploit, CVE-2014-0038. By exploiting this vulnerability, the hacking group claims it accessed a specific administrator's workstation and then was able to expand its access by exploiting the same vulnerability in other systems that had not been patched.
AnonSec even offers some well-chosen words of advice to IT administrators. "People might find this lack of security surprising but its [sic] pretty standard from our experience," the group says in its post. "Once you get past the main lines of defence, its [sic] pretty much smooth sailing propagating through a network as long as you can maintain access. Too many corporations and governments focus 99% on preventing intruders instead of having viable solutions once there is a security breach, which is guaranteed to happen."
But it's not guaranteed to be proven.