⬆️ ⬇️

Hackers claim to have hacked into NASA’s security system and gained control of a drone worth $ 222.7 million

Welcome readers of the blog iCover ! AnonSec, an international hacker team, said it was able to crack the National Aeronautics and Space Administration (NASA) security system. As evidence, hackers published a photo-video archive of 276 Gb borrowed from the agency’s servers. According to AnonSec, access was also received to the Global Hawk drone flight program management system worth $ 222.7 million, after which the latter was sent to the waters of the Pacific Ocean.



image



“OpNasaDrones” was the title of the new edition of its own ezin, published by hackers on PasteBin . On the pages of the magazine AnonSec told in detail about the motives of hacking and how exactly they managed to hack NASA security system again.



“NASA has been hacked many times already, most of us won't even say exactly how much,” hackers write. - Initially, we did not focus on these UAVs and chemical samples of the upper atmosphere. We didn’t even plan to penetrate NASA systems, it’s them that in 2013 picked up the Gozi Trojan ”. Thus, as noted in the publication by the representative of the international “brigade” AnonSec, which unites the hackers of Great Britain, Germany, Japan, Malaysia, Morocco, Indonesia, India, Pakistan, Iraq, Italy, Romania and Latvia, the latter to the creators of the Trojan who infected more 1 million computers, had nothing to do. Access to infected NASA servers from its developer was purchased and became the main entry point, which allowed to move in the right direction.

')

The next step was to establish the number of such servers on the NASA network that can be hacked and then get root access rights. “You would be surprised to find out how professional the government’s security standards are, the budget allocated for these goals and the confused employees assigned to control the computer network are low ...” - notes the author of the publication AnonSec, accompanying his words in a chat with an online edition journalist A mocking “trademark” emoticon.



image



From the words of AnonSec, the security of NASA servers really left much to be desired: by running brute force, the hackers discovered the first combination of the root username and password after 0.32 seconds. At the next stages, they were able to easily get into the department’s internal network, having received root access, including access to network data storages. After intercepting the system administrator's password, according to the hackers, they were able to get full access to the three network-attached storage devices (NAS), which compiled backup copies of flight logs of aircraft. The wealth of steel hackers and materials of the John Glenn Research Center, the Center for Space Flight. R. Goddard and Flight Research Center. Dryden. Thus, among the information to which unrestricted access was obtained turned out to be data delivered from the air transport departments for several years.



Motivation



As hackers describe the goals and mission of this hacking: “One of the main goals of our operation is to clarify issues related to NASA research on cloud sowing, geo-engineering and weather management. You can call it whatever you want, in essence, it’s the same thing. Up to this point, NASA has already conducted a series of tests on the study of aerosols and their effect on weather and the environment. And we thought it was worthwhile to concentrate efforts in this direction ... ”- AnonSec narrates.



The method of weather correction using silver iodide to precipitate precipitation in the clouds was used by the US military as part of Operation Operation Popeye during the Vietnam War. Then, after sowing the clouds in the northern part of the country, which led to intense rainfall, US N units were able to block the supply of food and ammunition desperately resisting Viet Cong. According to information provided by NASA expert Eric Conway (Erik Conway), one of the applications of the technology involves “injection of sulfate particles into the upper atmosphere, which essentially simulates a massive volcanic eruption and creates a barrier to the reflection of sunlight from the planet.”



A survey conducted by NASA experts among the leading climatologists of the planet indirectly outlined priorities in the development of this direction, but from a slightly different angle: “Just over half - 54% - of the 80 international climatologists who participated in our survey agreed that the present time is so heavy that we would not have been prevented by a contingency plan involving artificial manipulation of the global climate to combat the effects of anthropogenic greenhouse gas emissions ”- say The article in Climate scientists: it's time for 'Plan B' , published in Independent back in January 2009.



“We are confident that many people still do not even suspect that research is actually being conducted on behalf of the federal government, although it is well known that the CIA has funded research that has been going on for several years and aimed at studying the effects of climate change on the territory of entire states”, says the publication on behalf of AnonSec.



According to hackers, the US government actively supports NASA projects involving the spraying of heavy metals in the atmosphere to stimulate rain or, conversely, to disperse clouds, which is very likely to have a very negative impact on the health of the population of entire regions, the quality and safety of crops. Since plants that are not subject to special treatment under new conditions are developing with difficulty, farmers are forced to purchase genetically modified “seed –Terminators” (AnonSec term), which stimulates the monopoly of GMO seed producers in the market. This and other cited arguments explain the motives of AnonSec, which refers to several reports and patents as evidence of the development by the agency of artificial weather correction programs on the planet.



Although, according to information received earlier, NASA did work with projects to sow the upper atmosphere and study the effects of such “cultivation”, there is no evidence that at the time of the hacking the agency is actually working out a unified and coordinated global program and conducting active research in this direction by hackers not received and submitted.



Global Hawk for $ 222.7 million comes under the control of AnonSec



During the experiment, according to representatives of AnonSec, they were also able to get access to information related to the ambitious projects of the Global Hawk drones, worth more than $ 220 million and the mission OIB ( Operation Ice Bridge ).



Despite the impressive flight and technical characteristics (the Global Hawk reconnaissance UAV is able to spend up to 24 hours in the air), with the level of protection of confidential data from a drone, according to AnonSec hackers, things are worse than ever. Hackers drew attention to the fact that NASA engineers for most missions, as a rule, load pre-calculated flight plans in the format of .gpx files into the onboard computer of the UAV. Using the information received, the hackers conducted a man-in-the-middle attack that allowed them to reprogram the Global Hawk flight plan to a new route, sending the drone straight into the waters of the Pacific Ocean. With a high degree of probability, the situation would have developed according to the scenario proposed by AnonSec and Global Hawk and would not have gone on its next flight with a new mission, but one of the NASA engineers drew attention to the strange behavior of the drone, and put it into manual control mode.



The screen shot below shows a promising flight path of a drone along a route corrected by hackers (according to AnonSec).



image



Only after the incident, NASA employees suspected that someone else had control over their networks. Although the situation described occurred in the spring of 2015 (screen shot below), no official comments from the agency for obvious reasons have yet been received.



image



They refused to publish information about the incident in the publications of Wikileaks and The Guardian, with which AnonSec came in contact. And relatively recently, on January 31, 2016, a fairly comprehensive “report” on the work done by the AnonSec team that covered the leak agreed to publish on the pages of the InfoWars publication. Hackers insist that the information provided in the 276 - gigabyte archive and now distributed through torrents is genuine. And this is, without a doubt, 631 videos from UAVs and meteorological radars, 2,143 logbooks, original names, email addresses and telephone numbers of 2,414 departmental employees. Although there are skeptics who are convinced that the AnonSec raid is nothing more than a talented PR campaign, the aforementioned drone was under the control of NASA mission all the time, and all data collected in the archive, including personal data of agency staff, can be easily found in the public domain .



image



image



Developing the AnonSec version: “Soon after the alleged episode, the vulnerability was eliminated. Whether NASA experts prompted active actions to make an episode with a UAV, or is it suspiciously high traffic through compiled networks when collecting information about flight logs is hard to say, ”hackers say. One way or another, attempts to enter the system along the beaten path several days after the episode failed.



image



So, if we discard the version of artificially raising the popularity rating of the brigade from AnonSec in such a non-standard way, the huge amount of confidential information from NASA was lost. And, first of all, these are flight logs with video files, flight routes, aircraft models, mission names, sensor readings and GPS coordinates.



As noted on the page of the Internet publication InfoWars, its employees contacted representatives of the IT security department of NASA, but did not meet with any interest in commenting on the situation in connection with the leak. Refused to comment on the appeal of online journalists by phone or e-mail and the FBI. The situation is interesting with the published phone numbers of the agency's employees, which InfoWars journalists selectively called through. And although it was not possible to communicate with any of the subscribers on the other end of the line, the answering machine confirmed the correspondence of the numbers to their owners listed on the AnonSec list - the publication notes.



Source 1

Source 2




Dear readers, we are always happy to meet and wait for you on the pages of our blog. We are ready to continue to share with you the latest news, review materials and other publications, and we will try to do everything possible so that the time spent with us will be useful for you. And, of course, do not forget to subscribe to our headings .



Special selection of gifts for February 23 and March 8 from iCover



Our other articles and events



Source: https://habr.com/ru/post/390055/



All Articles