European Space Agency hacked

Update: A hacker has claimed to have breached the European Space Agency, gaining access to and publishing online what appears to be 200 usernames, passwords and email addresses related to the organisation, along with details on root servers and databases.

(Broken doors image by Eran Sandler, CC2.0)

In his blog, hacker TinKode listed email addresses allegedly linked to the prestigious CERN science institute, defence giant BAE systems and a string of others tied to the space agency.

The breach also revealed logs with titles such as calibration sources and orbit maintenance, according to TinKode.

The attack was launched on 17 April, but it's not clear where it originated.

Stratsec head of delivery Nick Ellsmore said that the veracity of the breach or methods behind it cannot be verified, but noted that the leaked details appear authentic.

"Just about every system out there can be compromised if given enough attention from someone who wants to do it," Ellsmore said. "The European Space Agency, or whoever else. They are, after all, a government agency."

To illustrate his point, Ellsmore noted the string of breaches in recent history which have hit Barracuda, Wordpress, Comodo, RSA and Epsilon.

"It's wrapping up to a bigger picture that just about all organisations are subject to attack."

The space agency has since confirmed that "some publicly accessible FTP servers used to communicate with external partners suffered an intrusion", which lead to the publication of some FTP accounts' and administrators' usernames and passwords as well as the email addresses of some users. Affected servers had been taken offline, affected parties notified and security tightened, according to the agency. It did, however, say that www.esa.int was not affected.

Updated at 8:48am 19 April 2011:: comment from ESA added.