There’s still no official response from NASA officials after a group of Iranian student programmers calling themselves Cyber Warriors Team claimed to have swiped records for thousands of NASA researchers by compromising an agency site’s SSL certificate.
In a May 16 statement posted on Pastebin, the group claimed (in poorly constructed English) to have exploited a vulnerability in a login system to gain administrative rights. “Our main work and we target Is in use. Our target was not Internet sabotage. Our Target was Do ‘MAN IN THE MIDDLE’ attack (with using Confirmation obtained) and also Clear the track after each connection in the network For Hide and Disclosing my presence in Two-way communication between. But the problem still exists And its use isn’t Hard For We (CW.T).”
NASA has come under federal scrutiny since admitting earlier this year that it’s suffered more than 5,400 cyberattacks between 2010 and 2011.
At the time of the disclosure, the agency’s Inspector General noted some incidents included the theft of several dozen laptop and mobile devices lacking any type of encryption to help hide sensitive data stored within. Others took advantage of flaws on Web sites to gain illegal access.
“These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” Paul K. Martin wrote.
Cyber Warriors Team is apparently an independent group of Iranian student hackers and programmers who promised to post video of the NASA attack at a later date. The team says it created an HTTPS protocol scanner to locate the vulnerability in the NASA Web site, later identified as the Solicitation and Proposal Integrated Review and Evaluation System (NSPIRES) site.
“For further evaluation, We Extract CSS File. We have used the vulnerability of existing (For identification and more information ),” according to their post. “We use the cavity IN ” /external/login/login.do. ” and Extract Username Column and Find Input details.”