NASA sites hacked, Zone-H says

Computerworld - Thirteen NASA Web sites were defaced this morning by a Brazilian crew dubbed drwxr, according to a statement from Zone-H, an organization that monitors hacking.
Zone-H said the defacer apparently modified the index pages on the sites to express his opinion about the war, leaving the message "The war in iraq, kill is a play!" and linking to a CNN video showing U.S. soldiers killing an Iraqi and cheering.
The main NASA Web site, www.nasa.gov, did not appear to be among those hit by the attack. It was still available today online.
Zone-H, citing Netcraft Ltd., a British Internet consultancy, said the sites were running the Apache 1.3.27 Web server with PHP (an open-source scripting language often used to create dynamic Web pages) and several Apache modules on a Linux system.
"We can suppose that the server was remotely compromised using a vulnerability in a PHP script, then the defacer probably gained root privileges using the local root exploit for the Linux kernel 2.4.22 [and earlier] published by iSEC Security Research last week."
Zone-H posted an example of the defaced pages at its site.
NASA spokesman Brian Dunbar confirmed that the sites had been hacked and defaced and said the agency had taken them offline. He declined to comment further, saying NASA didn't comment on security-related issues.
The hacked NASA Web sites include its Computing, Information and Communications Technology Program site, www.cict.nasa.gov; the NASA Advanced Supercomputing Division (Numerical Aerospace Simulation Systems Division), www.nas.nasa.gov; the NASA Information Power Grid, www.ipg.nasa.gov; and the NASA Research & Education Network, www.nren.nasa.gov.

Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.