Hack Targets NASA’s Earth Observation System

A hacker is claiming that a security hole in a server at NASA’s Goddard Space Flight Center has exposed data related to a satellite-based Earth observation system used to aid in disaster relief.

A hacker is claiming that a security hole in a server at NASA’s Goddard Space Flight Center has exposed data related to a satellite-based Earth observation system used to aid in disaster relief.

The hacker, who uses the handle “Tinkode” has published a screen capture from what he claims is an FTP (File Transfer Protocol) server at NASA’s Goddard Center. The hack comes exactly a month after the same hacker exposed a similar hole in a server operated by the European Space Agency.

The screenshot from the server at the Goddard Space Center was published on Tuesday. It shows a directory tree from the server, servir.gsfc.nasa.gov, which appears to be connected with NASA’s SERVIR program. It is not clear what the purpose of the server is or the nature of the security hole exploited by Tinkode.

NASA was not able to comment prior to publication of this story.  

SERVIR is a joint program between NASA, USAID, CATHALAC and other non profit groups that uses data from land based radar and geosynchronous satellites to aid in natural disaster analyses, environmental monitoring, health risk assessments, and issues related to climate change and biodiversity.

The server directory screenshot posted by Tinkode includes folders with names like ASAR_Africa and ASAR_Haiti. ASAR is an acroynm standing for Advanced Synthetic Aperture Radar, one of the technologies that contribute data to the SERVIR program.

The individual known as “Tinkode” is a Romanian hacker who has been linked to other noted breaches. In March, he was one half of a team that breached the security of MySQL.com, the Web site for the open source database product.  In April, he published the names and e-mail addresses of European Space Agency employees after compromising a server operated by that agency. NASA, the U.S.’s space agency, is no stranger to security incidents. Recent audits of the agency’s network and data security practices turned up evidence of lax IT security practices. A 2010 internal audit found significant weaknesses in the way NASA disposes of its old IT equipment, including evidence that the spent hard drives containing sensitive Agency data may have been sold to the public. A 2011 Inspector General’s report on the agency’s computer network found that it was fraught with security holes, many of which have been known about for months without being fixed.

Suggested articles

Discussion

  • Anonymous on

    I'm not one bit surprised. I had a colleague years ago who was once employed with CSC and worked at NASA as a contractor. Months after his employment with CSC was terminated, he still had the ability to telnet (yes, TELNET) into several NASA servers which he used to administer. He carried around a folded-up piece of paper in his wallet containing public IP addresses, user IDs and passwords for these servers. Perhaps NASA should dedicate a small percentage of its hundreds of millions of annual expense dollars to secure its network infrastructure. Just a thought...

  • Anonymous on

    Blog post: http://tinkode27.baywords.com/nasa-goddard-space-flight-center-ftp-access/

  • NetNinja on

    Why are they using insecure protocols?

    FTP?

    The previous poster said they were using Telent!?

    This is what happenes when the government hires outside contractors to support thier computers systems. They are not allowed to improve agging systems nor implement secure computing practices. 

    The government doesn't want to pay retirement to sys admins. However they rather hire contractors (Spies) from other countries to support thier systems.

     

  • Anonymous on

    Nobody wants to pay for security.  They are only forced to after the fact.

  • Anonymous on

    A screen shot of directories suggests you are able to download files. Lots of ftp servers will allow you to do this with an anonymous account. But uploading from a public account is usually blocked. Not everything is a secret! It may be shocking to certain climate professionals, but there can be good reasons to let anyone see you satelite data without passing by Freedom of information act or stolen emails. Particularly if the priority is an emergency response. Some people are pushing for more access in real time not less.  While NASA may also have leaked personell details on other occasions but the "Tinkode" does not appear to show this.

  • Guy Who Works At GSFC on

    Actually, we do. But there's too much autonomy among the groups on how to secure and handle their incidents...follow-up and follow-through are still things we're grappling with, and with different contractors, contracts, and expectations, it can become a morass of coordination. Unfortunately things like this FTP brute force breach then rear their ugly head.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.