A hacker is claiming that a security hole in a server at NASA’s Goddard Space Flight Center has exposed data related to a satellite-based Earth observation system used to aid in disaster relief.
The hacker, who uses the handle “Tinkode” has published a screen capture from what he claims is an FTP (File Transfer Protocol) server at NASA’s Goddard Center. The hack comes exactly a month after the same hacker exposed a similar hole in a server operated by the European Space Agency.
The screenshot from the server at the Goddard Space Center was published on Tuesday. It shows a directory tree from the server, servir.gsfc.nasa.gov, which appears to be connected with NASA’s SERVIR program. It is not clear what the purpose of the server is or the nature of the security hole exploited by Tinkode.
NASA was not able to comment prior to publication of this story.
SERVIR is a joint program between NASA, USAID, CATHALAC and other non profit groups that uses data from land based radar and geosynchronous satellites to aid in natural disaster analyses, environmental monitoring, health risk assessments, and issues related to climate change and biodiversity.
The server directory screenshot posted by Tinkode includes folders with names like ASAR_Africa and ASAR_Haiti. ASAR is an acroynm standing for Advanced Synthetic Aperture Radar, one of the technologies that contribute data to the SERVIR program.
The individual known as “Tinkode” is a Romanian hacker who has been linked to other noted breaches. In March, he was one half of a team that breached the security of MySQL.com, the Web site for the open source database product. In April, he published the names and e-mail addresses of European Space Agency employees after compromising a server operated by that agency. NASA, the U.S.’s space agency, is no stranger to security incidents. Recent audits of the agency’s network and data security practices turned up evidence of lax IT security practices. A 2010 internal audit found significant weaknesses in the way NASA disposes of its old IT equipment, including evidence that the spent hard drives containing sensitive Agency data may have been sold to the public. A 2011 Inspector General’s report on the agency’s computer network found that it was fraught with security holes, many of which have been known about for months without being fixed.
