A group of Iranian student hackers known as the Cyber Warriors Team claims to have stolen the personal information of thousands of NASA researchers.
The Cyber Warriors Team boasted in a May 16 Pastebin post that it exploited a secure sockets layer (or SSL) vulnerability in the space agency's website to swipe "information for thousands of NASA researcher[s] with emails and accounts of other users."
In the hackers' poorly worded English message, "How and reasons to Hack NASA SSL Certificate," the group said the security glitch still exists, and leaves the agency open to more malicious attacks. The "man-in-the-middle" breach enabled the hackers to "clear the track after each connection in the network" to evade detection, the group said.
NASA did not return a call for comment from SecurityNewsDaily.
As researchers from Kaspsersky Lab explained, the Cyber Warriors Team is an independent network of Iranian student hackers and programmers, and the members used an HTTPS protocol scanner to automatically identify the NASA security bug. The Cyber Warriors Team promised to post a video at a later date showing how it performed the NASA hack.
Although still unconfirmed, this alleged security breach is not the first attack to be levied against the space agency in an attempt to either harvest internal confidential files or to warn the agency to plug its leaks.
Earlier this month, NASA, along with the European Space Agency, confirmed that a hacking group called "The Unknowns" successfully penetrated its servers. The Unknowns did not leak any confidential information to the public, but instead informed NASA where the security bug was found so it could be fixed.
In a decidedly less altruistic incident, a Romanian hacker calling himself "TinKode" breached a server belonging to NASA's Goddard Space Flight Center in April 2011, gaining access to confidential satellite data.
And in late February 2012, NASA Inspector General Paul K. Martin said that a notebook computer stolen in March 2011 "resulted in the loss of the algorithms" used to control the International Space Station. That missing laptop was one of 48 NASA notebooks or mobile devices stolen between April 2009 and April 2011.
- Drive-By Downloads: How They Attack and How to Defend Yourself
- NASA Confirms Hack By 'The Unknowns'
- Top 10 Password Management Software Products
© 2012 SecurityNewsDaily. All rights reserved