Hackers claim to have hijacked NASA's Global Hawk drone; NASA says not true

AnonSec claims it hacked NASA and took control of a Global Hawk drone to crash it in the Pacific; NASA says it's not true.

Since hacking NASA is supposedly cliché, the hacking group AnonSec claims to have not only hacked NASA and stay undetected for about two years, but to have also hacked one of NASA’s drones, Global Hawk, with the intent of crashing it into the ocean.

Hackers' flight plan to crash Global Hawk drone into Pacific AnonSec

AnonSec's flight plan to crash NASA's Global Hawk drone into the Pacific.

The group dumped 276 GB of data as proof published in an “OpNasaDrones zine” on Pastebin; it included names, email addresses and phone numbers of 2,414 NASA employees, 2,143 flight logs and 631 videos from aircraft and weather radars.

Why hack NASA? Chemtrails; I’m not joking. The group wrote:

One of the main purposes of the Operation was to bring awareness to the reality of Chemtrails/Cloud Seeding/Geoengineering/Weather Modification, whatever you want to call it, they all represent the same thing. NASA even has several missions dedicated to studying Aerosols and their affects (SIC) on the environment and weather, so we targeted their systems.

NASA denied AnonSec’s claim, telling Forbes, “Control of our Global Hawk aircraft was not compromised. NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data. NASA takes cybersecurity very seriously and will continue to fully investigate all of these allegations.”

The agency went a bit further with NASA’s Allard Beutel telling Motherboard, “NASA strives to make our scientific data publicly available, including large data sets, which is how the information in question was retrieved. In other words, we gave it away, it wasn’t stolen.”

However, reporter Lorenzo Franceschi-Bicchierai noted that Beutel would not “respond to multiple questions regarding the 8 hours of footage, which do not appear to have ever been made public before.” Yet the zine included a screenshot showing how AnonSec bypassed NASA firewalls, an image Motherboard said “seems to be lifted from a NASA site.”

How AnonSec hacked NASA, took control of Global Hawk drone

No matter how much you might love NASA, the agency isn’t known for having the best cybersecurity hygiene (pdf). AnonSec’s zine claims the original breach into NASA systems was unplanned and a result of the Gozi virus in 2013. It thanks baby boomer secretaries for their “lack of training and irresistible urge to open attachments in spoofed emails from the HR department.” An AnonSec member told Forbes that the group “initially bought access to the NASA network from a Chinese group, paying in Bitcoin in 2013,” adding that NASA allegedly has “many [Windows XP] and unpatched Ubuntu servers.”

After having an “initial foothold,” the hackers kept digging in and claimed it took a mere .32 seconds to brute-force an administrator’s SSH password as the credentials were unchanged from the default. Eventually the group said it was inside NASA’s internal network and three NAS devices, which NASA allegedly used to download and backup mission flight plans. AnonSec said it had access to boxes at NASA's Glenn Research Center, Goddard Space Flight Center and Dryden Flight Research Center networks. Some group members hunted for additional vulnerabilities while others researched missions and the capabilities of various aircraft.

The drone takeover allegedly occurred on April 9, 2015. The zine states, “After countless months of successfully retrieving NASA drone logs automatically, we noticed some weird traffic;” a single .gpx file was pushed out to Global Hawk each time it returned to base, indicating it had a “pre-planned route option” sent over WLAN. The group decided to do something “sinister,” using a man-in-the-middle attack to upload its own custom. gpx file to control the drone and “to crash the Global Hawk into the Pacific Ocean.”

Several members were in disagreement on this because if it worked, we would be labelled terrorists for possibly crashing a $222.7 million US Drone... but we continued anyways lol.”

Shortly after the drone left its predetermined flight plan, NASA noticed and took manual control of the drone. NASA then “finally” inspected their networks and shut the hackers out, but not before they allegedly took partial control of Global Hawk and supposedly stole about a 1 TB of data.

NASA “has a slew of network misconfigurations,” SecurityScorecard COO and co-founder Sam Kassoumeh told IBTimes. “Over the last year, we found over 10,000 malware signatures originating from NASA's network, meaning that 10,000 machines have been affected by malware and are communicating back to the owners of that malware.”

A good portion of AnonSec’s zine is devoted to chemtrails and related so-called “conspiracies” dealing with geoengineering, cloud seeding and weather modification. Regarding misconceptions about OpNasaDrones from previous articles and how much of the information is public, the group claimed it was a misunderstanding caused by language barriers as 90% was meant as education to show chemtrails and the rest are real.

They added:

Only a few files, screenshots and videos were actually part of the leak. Also the part in the OpNasaDrones about Aliens was (a) misinterpretation using Google Translate. What d3f4ult meant to say was while doing background research into NASA cover ups, he found out about supposed accounts of UFOs and aliens working with the government via Gary McKinnon's hack. We didn’t find anything related to aliens ourselves as the video made it sound like, sorry.

If you are wondering why it took so long to dump the data, that’s because it was first offered to WikiLeaks and The Guardian – neither of which would touch it – but AnonSec was waiting on their response.


Copyright © 2016 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon