NASA Denies Hackers Hijacked Its Drone - InformationWeek


The space agency insists AnonSec didn't commandeer a NASA Global Hawk drone, but it's still looking into claims its network was hacked.

Hacking group AnonSec claims to have breached NASA's network and to have temporarily gained partial control of a NASA Global Hawk drone. The group says that two years ago it bought access to a NASA server from an individual identified as "Ghosts" (鬼佬) and, after months of network reconnaissance, managed to upload a .GPX file containing a pre-planned flight path -- for autopilot and connection failover -- to a NASA drone. The group speculates that its attempt to crash the drone failed because of pilot intervention.

To support its claim, AnonSec says it has posted 250GB of data exfiltrated from NASA servers.

Allard Beutel, acting director of NASA's news and multimedia division, in an email denied the group's assertions about the drone, and said the alleged breach is being investigated.

"Control of our Global Hawk aircraft was not compromised," said Beutel. "NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data. NASA takes cybersecurity very seriously and will continue to fully investigate all of these allegations."

Beutel added that NASA makes its scientific data publicly available, and that appears to be how the posted data was retrieved.

AnonSec acknowledges that at least some of the data posted is public, but the group claims it "wanted access to the raw data, straight from the backend servers, to see if they [NASA] were not publishing some of the data or possibly tampering with the data."

(Image: NASA Photo/Tom Miller)

The group says one of the reasons it undertook its supposed infiltration was to bring awareness to government weather engineering research, which it considers sinister and related to efforts to promote corporate agribusiness and genetically modified organisms. The group stops short of proposing a specific conspiracy theory, noting that possible motives for geo-engineering range from "logical" to "a bit of a stretch."

NASA's claim that AnonSec posted purely public data also appears to be a bit of a stretch. For example, the hacking group posted a text dump of contract details for 2,414 NASA employees. NASA does offer an online directory but only to authorized NASA personnel. While it's plausible that AnonSec could have scraped websites for email addresses and phone numbers in order to present them as purloined data, a hack seems more likely, particularly in light of other details provided, like the use of weak passwords.

AnonSec claims to have identified several Ubuntu 3.8.0-29 systems on NASA's network that were vulnerable to a local root exploit, CVE-2014-0038. By exploiting this vulnerability, the hacking group claims it accessed a specific administrator's workstation and then was able to expand its access by exploiting the same vulnerability in other systems that had not been patched.

AnonSec even offers some well-chosen words of advice to IT administrators. "People might find this lack of security surprising but its [sic] pretty standard from our experience," the group says in its post. "Once you get past the main lines of defence, its [sic] pretty much smooth sailing propagating through a network as long as you can maintain access. Too many corporations and governments focus 99% on preventing intruders instead of having viable solutions once there is a security breach, which is guaranteed to happen."

But it's not guaranteed to be proven.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ...

Charlie Babcock,
User Rank: Author
2/2/2016 | 9:47:38 PM
When it's necessary to read between the lines....
Good reading between the lines to estimate what actually happened in the NASA drone incident.
User Rank: Ninja
2/3/2016 | 9:53:36 AM
Re: When it's necessary to read between the lines....
@Charlie Babcock - could not agree more, these days it's interesting reading between the lines... but it's the sad reality of technology - as everything could be used for good or bad... even drones....