NASA, ESA confirm hacks; The Unknowns says systems patched

NASA and the European Space Agency (ESA) have confirmed they were recently hacked. The hacking group The Unknowns says most of the 10 companies it attacked have patched their systems.
Written by Emil Protalinski, Contributor

Two of the 10 organizations listed in a recent hack attack have confirmed the alleged security breaches. Furthermore, the "new" hacker group The Unknowns behind the attack says many of the systems have now been patched, which was supposedly their goal.

Earlier this week, The Unknowns claimed to have hacked 10 organizations around the world, gaining administrator access for all and leaking data for some. In addition to revealing how to access the computer systems of the organizations in question, The Unknowns also posted screenshots showing they gained accessed to each and every one.

The group even put together 250MB worth of military documents from their hacks and uploaded the collection to MediaFire. Some of the leaked documents were several years old, but there were also a few from earlier in 2012.

The Unknowns listed 10 victim websites for which it publicly posted administrator accounts and passwords:

For the NASA hack, the group also decided to leak one of the research center's databases. They released names, employers, home addresses, and e-mail addresses of 736 victims on Pastebin. ESA is the other organization for which they also leaked more data, also via Pastebin. Both NASA and ESA have now confirmed the attacks.

"NASA security officials detected an intrusion into the site on April 20 and took it offline," a NASA spokesperson said in a statement. "The agency takes the issue of IT security very seriously and at no point was sensitive or controlled information compromised. NASA has made significant progress to better protect the agency's IT systems and is in the process of mitigating any remaining vulnerabilities that could allow intrusions in the future."

"The group used SQL injection... The use of SQL injection is an admitted vulnerability," ESA security office manager Stefano Zatti told ZDNet UK. "This needs to be addressed at a coding level."

In their original message, the group said the goal of their attacks is to improve the state of online security around the globe. Since my first article, The Unknowns Twitter account, which has gained some 200 followers since it was created this week, has sent out the following tweets:

For all the people out there who want me to support them with their "Hacking" knowledge, in any way, please stop doing that, I won't answer. Informing you that the link we used to penetrate threw the ESET's Database is no more Vulnerable. This really a great thing to know... For all the people out there that are asking us to check if their website is well secured; we will get to you as fast as we can.. We're soon going to email our Victims informing them on how we penetrated threw their Databases, they will get all the info they need. The Unknowns - Message: http://pastebin.com/biNMb7gf @TheHackersNews @FoxNews @5_News @BreakTheSec

As you can see, The Unknowns has a new message today, also sent out via Pastebin:

We are a new hacker group, we have never been in any hacking team before. We are not Anonymous Version 2 and we are not against the US Government. We can't call ourselves White Hat Hackers but we're not Black Hat Hackers either... Now, we decided to hack these sites for a reason... These Websites are important, we understand that we harmed the victims and we're sorry for that - we're soon going to email them all the information they need to know about the penetrations we did. We still think that what we did helped them, because right now they know that their Security is weak and that it should be fixed. We wanted to gain the trust of others, people now trust us, we're getting lots of emails from people we never knew, asking us to check their website's security and that's what we want to do. Our goal was never to harm anyone, we want to make this whole internet world more secured because, simply, it's not at all and we want to help. We don't want revolutions, we don't want chaos, we just want to protect the people out there. Websites are not secured, people are not secured, computers are not secured, nothing is... We're here to help and we're asking nothing in exchange.

Towards the end, they also shared some good news, declaring their mission a success:

And now, we are happy to inform you that most of the links we used to penetrate threw the databases, have been patched. This is exactly what we where looking for. This is what we want.

For all our supporters out there; Thank you, help us to spread the word, help us to make this internet world more secured.

I'll be watching The Unknowns closely for further attacks. If you have more information to share, do let me know.

See also:

Editorial standards