The hacker group AnonSec has just claimed the theft of hundreds of gigabytes of data relating to flights of NASA's Global Hawk drones. These large unmanned aircraft, at 222.7 M$ apiece, are used by the United States agency to perform various measurements in the atmosphere. They are obviously unarmed. More ominously, the hackers completed their computer raid with a sabotage attempt. They prepared a flight plan that was meant to crash the Global Hawk into the Pacific Ocean. Fortunately, the drone did not follow that flight plan to the end!
A Trojan horse on a PC gave hackers access to three NASA research centers
When you think of NASA, you imagine some of the most powerful supercomputers in the world, the best IT professionals and flawless security. This is the case, at least in part. The story of the attack by the hackers of the “AnonSec” group shows that it is not so. They simply bought, on the black market, access to a workstation infected by a Trojan, the Gozi virus. Of little interest in itself, this machine has only very limited access rights within NASA's information system. It is a machine running Debian Linux, an up-to-date version, but the hackers nevertheless use flaws (“2014 bypasses” and “symlink”) that allow them to install their tools on this machine. The worm is now in the fruit.
From there, they manage to map the internal network and test all the trivial passwords on the machines and network equipment they encounter. At this stage, the hackers claim access to machines at 3 NASA centers: Glenn Research Center, Goddard Space Flight Center and Dryden Flight Research Center. It is at Dryden that the 2 American Global Hawk drones operated by the space agency are based. The hackers glean information on multiple research programs, a priori nothing very confidential. A NASA_Aircrafts.txt file lists the fleet of aircraft available to NASA: the Gulfstream III (C-20A) named Armstrong, GlobalHawk #871 and GlobalHawk #872, two ER-2s, #806 and #809 (the civilian version of the famous U-2), a large four-engined P-3B Orion and finally a DC-8.
250 GB of data collected by the drones have been uploaded during the attack
The hackers then continue their infiltration of the Dryden network. 2 Ubuntu Linux machines that had not been revealed by their first scans catch their attention. They manage to take control of them, and on one of them they find the plans of the center's video surveillance network, a system that they consider extremely vulnerable. The other machine is connected to 3 Western Digital My Book World Edition storage units: consumer-grade external hard drives that are used to store backups of all the data collected by NASA's drones. Default passwords do not work, which shows a minimum of concern for security; however, the firmware of this NAS is afflicted by a flaw that the hackers exploit to access the stored data. Data that they obviously plunder, downloading more than 250 GB of files.
Parsing the drones' log files, the hackers come to the conclusion that at the end of each flight all data is downloaded to the ground, but also that a .gpx file is loaded into the drone. Their conclusion is that it is the flight plan for the next mission. They then decide to create a flight plan meant to send the Global Hawk crashing into the Pacific. An attempted MitM (Man in the Middle) attack that, fortunately, did not succeed. The hackers believe that the drone did indeed take off with its fatal flight plan, but that the operator must have realized there was a problem. He amended the flight plan or piloted the Global Hawk safely home.
Following this event, has NASA understood that its Global Hawk was the subject of an attack? Nothing has filtered out; however, the network compromised by AnonSec is now closed.
Translation: Bing Translator
Source: “OpNasaDrones”, feed posted on cryptobin, password: “anonsec”