Must Read: The HTC One Google Edition? A Sense-less plan, if you ask me

Topic: Browser

Mystery group hacks US military, Harvard, NASA, more

Summary: The Unknowns says it has hacked ESA, NASA, US military, US Air Force, Thai Royal Navy, Harvard, Renault, French ministry of Defense, Bahrain Ministry of Defense, and Jordanian Yellow Pages.

Emil Protalinski

By for Zero Day |

Update on May 4 - NASA, ESA confirm hacks; The Unknowns says systems patched

A hacker group calling itself "The Unknowns" claims to have hacked 10 organizations around the world, gaining administrator access for all and leaking data for some. Most are related to the U.S. government or another international legislative body, while the rest just seemed like random targets.

The Unknowns yesterday set up the Twitter account "1_The_Unknown_1" and released their results on Pastebin. Apparently, the group's slogan is "We are The Unknowns; Our Knowledge Talks and Wisdom Listens..."

The Unknowns listed 10 victim websites for which it publicly posted administrator accounts and passwords:

In addition to revealing how to access the computer systems of the organizations in question, The Unknowns also posted screenshots showing they gained accessed to each and every one. More importantly, the group put together military documents from their hacks, and uploaded the collection to MediaFire: Part 1 (177.79MB) and Part 2 (37.37 MB).

So, what was the motivation? The group wrote the following message, explaining that the goal of their attacks is to improve the state of online security around the globe:

Victims, we have released some of your documents and data, we probably harmed you a bit but that's not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two, the vulnerabilties we found will be patched and that's what we're actually looking for. We're ready to give you full info on how we penetrated threw your databases and we're ready to do this any time so just contact us, we will be looking forward for this.

And for all the other websites out there: We're coming, please, get ready, protect your website and stop us from hacking it, whoever you are. Contact us before we take action and we will help you, and will not release anything... It's your choice now.

And for the Public: We're looking for your support... Support us to deliver our message to everyone out there...

As for the screenshot above, I chose the NASA hack because the group also decided to leak one of the research center's databases. They released names, employers, home addresses, and e-mail addresses of 736 victims on Pastebin. ESA is the other organization for which they also leaked more data, also via Pastebin.

If you have more information about The Unknowns, please let me know.

Update at 9:15 PM PST - I'm hearing that The Unknowns may be trying to use an old hack to gain Twitter followers. Some of the leaked documents are indeed several years old, but there are also a few from earlier in 2012. I will update you again if I learn more.

Update on May 4 - NASA, ESA confirm hacks; The Unknowns says systems patched

See also:

Topics: Browser, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

16 comments
Log in or register to join the discussion

  • without going into the usual rhetoric

    We know these guys are there, the really difficult part is locating them. Good luck with that, really.

    [i]" ... If you have more information about The Unknowns, please let me know. "[/i]

    ... i've got one snippet .. they're not going to be "unknown" for very long.
    thx-1138_
    Reply Vote

  • Well either English is their second language

    or they're uneducated.

    The use of threw rather than through and "looking forward for this" rather than looking forward to this would probably indicate English is not their native tongue.

    As for their efforts, it's all good if it improves security. Hell if they did it to Google's always buggy beta software, they'd also get paid ;-)
    tonymcs@...
    Reply Vote

    • It could.....

      They also might have done that on purpose.
      Snack&nap
      Reply Vote

  • Well if you're going to run open source you're going to get hacked.

    So just know it and expect it.
    Johnny Vegas
    Reply Vote

    • Wrong

      Android have not yet had a single remote exploit that could allow one to remotely root it without user interaction (trojans don't count as a measure of platform security), but the iPhone has been jailbroken SEVERAL times by simple UNAVOIDABLE PDF exploits through the browser. Seriously, if simply clicking a link can get your devices 100% pWned, that's not secure...

      Open source is NOT in any way at all inherently less secure. It's all about keeping security flaws patched, nothing else. And if you're running a proprietary program and the vendor ain't patching the flaw (reminds me of Apple who didn't path their Java VM for WEEKS!), you're essentially screwed. With open source, you at least have a chance to patch it yourself or use a patch from somebody you trust (security firms, etc).
      Natanael_L
      Reply Vote

      • yes it has

        Google its been hacked and has virus. That does not make it a bad OS but stop making stuff up. OS X was hacked from java which no one actually uses it, Java script is all people need for online usage.

        This is not about that, these organization even the military use Windows and windows alone. I never understand how the Military would be so stupid to do that. NASA wtf are they for real, has our infrastructure gotten to lazy they only use one OS 99% of the time.
        Kiljoy616
        Reply Vote

    • WOW

      That is one of the most lame statements I have heard this week.
      smashandgrab
      Reply Vote

    • these organization even the military use Windows and windows alone

      @Kiljoy616: Blatantly wrong answer.
      Bruce Epper
      Reply Vote

  • Aftermath

    Interesting. Gary McKinnon, a UK based kid with Asperger's did exactly this sort of thing afew years ago, according to the US gov that puts him almost on a par with "terrorists". Indeed, the US legal machine, ably assisted by the lickspittle UK government, are insisting he be extradited to the USA so he can be made an example of. Will this group also be ruthlessly hunted down and out on trial too?
    whisperycat
    Reply Vote

  • What "Mystery"?

    Replace the word "Mystery" with "Chinese Goverment Sponsored" and you have a real story. There is no mystery here - it is China. Who else could it be? Nobody. Who else cares about the Thai Royal Navy? Russia? No. Iran? No. North Korea? No. China's government is behind the most massive global theft of the Intellectual Property & State secrets in the history of the World - no other country comes remotely close.
    InternetSecurityAnalyst
    Reply Vote

    • Highly unlikely, as China would never warn of the breach

      I have no doubt the Chinese government is VERY actively involved in cyber-espionage. That being said, the fact that Unknown has announced their breaches makes their origin being China so unlikely as to be impossible.

      Why would China want to encourage their targets to patch their security holes? They would rather keep the back door open as long as possible to drain as much IP as they can get their claws on.
      JJMach
      Reply Vote

  • Their aim is not what they claim.

    Their contention that they are doing this only to point out to the victims that their systems are open to exploit, and thus helping them, does not hold water. If that is what they really wanted to do they could simply contact the victims directly, supply proof that they had been able to break through the victims security and the information on how it was done. Releasing these exploits to the public is a simply serious threat to the victim's data. They are criminals and certainly will not receive any support from me.
    GKSeifert
    Reply Vote

    • They may be "gray" hats

      I agree their methods are not unimpeachable, and I have not looked at the documents to see how big of a security breach any of them were. However, I will not immediately lump them in with the black-hat crowd, because it would hardly be the first instance when someone got frustrated enough with warning a system owner about security holes, only to get ignored, that they make the breach or exploit public to shame the organization into patching.
      JJMach
      Reply Vote

  • Support Them?

    "And for the Public: We???re looking for your support..."

    Right. I'll support "cyber bullies". If they are what they claim, they are no different than so many others...bullies hiding behind a keyboard.
    BobManGM
    Reply Vote

  • Oh great

    If it wasn't bad enough with the already young kids on their mothers computers pretending to be hackers now the Chinese are trying to get in the game with material dated a few months ago. OK Wong and Family you continue dis and I will think threw it........... lol
    guitarest
    Reply Vote

  • Defense

    I believe that this group is hoping to build a defense ahead of time for their actions.
    In saying that they mean no real harm and are just trying to protect the public, by publicly humiliating their victims to patch and secure their electronics, could very well be a setup as a defense of their actions, for when they get caught. By claiming to be acting in the public's best interest and not intentionally trying to cause harm to their victims, I'm sure that they hope to be able to get any charges against them dropped, or at least minimize their punishment, when the law catches up with them.
    bruceslog
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close