Saturday, December 5, 2009

Couple of NASA.Gov Sites Hacked

I was just browsing a few blogs this evening and saw that NASA's Instrument Systems and Technology Division and their Software Engineering Division web sites were hacked and found to be vulnerable to what looks like SQL Injection as well as poor access controls. There may be a few other things going on there, but the details were pretty sparse, and I wasn't really looking to start probing the sites myself to find out what they're precisely vulnerable to.

The screenshot to the left shows access to the page editing functions of the site. NASA needs to get these sites secure as soon as possible. Any script-kiddie could walk in there and start adding their favorite drive-by download exploits as it stands.

The admin credentials (35 of them) were lifted off both Web servers by "c0de.breaker".

Original posting is over at TinKode.

Note: I've been advised that these vulnerabilities have been remediated.

7 comments:

  1. I think there should be a well publicised way of reporting vulnerabilities which still credits the white hat hackers IF they do it with the intention to show the vulnerability and with no intention to harm the system/data.

    Pointing out that someone did a bad job with security (esp. if we are talking about companies funded by taxpayers) is a good thing.

    Also, crediting those white hats for doing so with no harm done to the system would draw them away from the path which leads to criminal actions.

    I know that there is such a thing as ethical hacking and security companies do it for money, but I still value this guy/gal as he/she may have prevented NASA from something much worse. I love the work NASA does and I don't want anyone destroying anything there, e.g. by not doing a proper job setting up the security.

    (of course I didn't do it, that's why I'm leaving the comment under my Google account instead of anonymous) :)

  2. Gunter,

    I believe that the posted pics may be from several years ago and are not indicative of a NASA SQL exploit that occurred this past weekend. See this thread http://www.dslreports.com/forum/r23453712-Hacker-Scalps-NASARun-Websites which shows that the identical pics were posted by a Romanian cyber criminal back around November 19th. I believe that media reports of an exploit event this past weekend citing those pics are incorrect.

    MGD

  3. Interesting. I was informed by someone working with NASA that these particular sites (and the others hosted on the same system) were fixed more recently than what's been discussed in the dslreports thread.

    At a stab, perhaps the original hacks were more around the time of c0de.breaker's other NASA hacks, which he's now reporting on his site, http://tinkode.baywords.com/index.php/2009/12/nasa-full-dislocure-again/, and which are timestamped 2009-10-26.

  4. I think that time frame may be closer. Subsequent translations of the IRC logs show another person asked:

    quote:
    [12:38] (Flb09b) muieflooderu you're somehow friends ala c0de.breaker hacker who cracked TinKode aka NASA and posted here? http://www.hackersblog.org/2009/10/11/live-demonstration-of-an-sql-injection-attack-nasa-gov-subdomain/
    end quote

    That link was to a posting on October 11th, 2009 and was credited to c0de.breaker. That post included a video of the exploit, and also had the same links to the images. That would date the images to at least prior to 10/11/2009.

    MGD

  5. While it is difficult to establish the precise date of the pics, I believe it is reasonable to at least rule out that they are related to any "hack over the weekend" that the Register article refers to.

    I do now concur that it is likely to be more recent than I stated originally in the DSLR thread.

    MGD

  6. It looks like that Romanian hacker hasn't stopped there.

    http://tinkode.baywords.com/index.php/2009/12/nasa-vulnerable-to-mssql-injection/ -> Nasa vulnerable to MSSQL Injection

    http://tinkode.baywords.com/index.php/2009/12/kaspersky-thailand-full-access/ -> Kaspersky hacked again

  7. Gunter,
    Thanks for sharing such nice information. Yes, I too agree that NASA needs to get these sites secure as soon as possible. Insecurity is growing briskly alongside advanced technology and networks. Hackers are more comprehensive, so there is a need for CEH (Certified Ethical Hacker); for more information on CEH check this link http://www.eccouncil.org/certification/certified_ethical_hacker.aspx
