It seems that hardly a day passes without hearing of another breach, but what is unique about the high-profile ESA breach is that it was allegedly an anniversary hack.
Anniversary celebrations come in all forms, but this weekend a grey hat hacker chose to observe the anniversary of Apollo 13 by hacking the European Space Agency (ESA) website.
A Romanian grey hat hacker who goes by the online alias of TinKode is claiming to have hacked into www.esa.int and then leaked a list of FTP accounts, email addresses and passwords for administrators and editors, reported Softpedia. The hack was supposed to "mark the anniversary of the Apollo 13 crew's safe return to Earth on April 17, 1970, after failing to land on the Moon." 13 FTP accounts were leaked to match the Apollo 13 mission number.
TinKode posted a full disclosure of the attack on his security blog, where he also mentioned that the ESA has a staff of more than 2,000, is an intergovernmental group made up of 18 member states dedicated to space exploration, and has a 2011 budget of $5.65 billion.
TinKode has not publicly disclosed the method used to hack the ESA site. However, his disclosure consists of the main server information and information about root, database, admin, editor and FTP accounts.
In the list of username and email accounts, TinKode partially hid passwords but included hundreds of proxy usernames and passwords. Some of the email addresses appear to be linked to the CERN science institute which deals with the European Organization for Nuclear Research, the ESO, BAE defense systems, and various universities. The ESA logs include calibration sources, instruments, maneuvers, satellite activities, mission events, anomalies, and environmental details.
TNW Europe noted that TinKode had reported the breach to the ESA.
TinKode has demonstrated many vulnerabilities in other high-profile sites, such as the SQL injection into MySQL.com. Other targets he's hit before include several of NASA's websites, as well as websites belonging to the U.S. Army Civil Affairs & Psychological Operations Command, the U.S. Army 470th MI Brigade, the National Weather Service (NOAA), the Royal Navy, Reuters, Kaspersky Portugal, Sun Microsystems (now Oracle), Google, and YouTube. According to his site, he also developed a proof-of-concept ISR Trinity Bomb DDoS Tool and targeted the websites of the Pentagon and BackTrack Linux for testing purposes.
ESA's main website is still up and running. The organization has not confirmed the hack is genuine. Hacking Expose quoted security firm Sophos as saying, "Hopefully the ESA is changing its passwords and looking at its website security as a matter of some urgency. If users are using the same password in multiple places then they would be wise to adopt a more sensible password policy ASAP."
The ESA has a history of collaborating with NASA, the Chinese and Russian Space Agencies, and participating in the International Space Station program.