Nasa Computer Hacked, Satellite Data Accessed

By Author: Apple Tan
Total Articles: 68
Comment this article

A Romanian hacker known as TinKode claims to have breached a computer server at NASA‘s Goddard Space Flight Center and gained access to confidential satellite data.
Tinkode later posted a screenshot of what he said was a Goddard Space Flight Center FTP server. The screenshot shows files that appear to be connected with NASA‘s SERVIR program, which uses satellite data to aid in disaster relief, health risk assessments and climate change and biodiversity issues.
The Network World story said that, after hacking into servir.gsfc.nasa.gov, TinKode sent an email alert of the hack to NASA's webmaster. His screenshot shows folders like RADARSAT, ASAR, ASAR_Aus, ASAR_Africa, and ASAR_Haiti.  ASAR is short for Advanced Synthetic Aperture Radar, a technology used by NASA.
Rob Gutro, deputy news chief at the spaceflight center, located in Greenbelt, Md., confirmed "There was a breach in the NASA Goddard FTP site" but said it actually took place in April.
"The necessary steps were taken to protect the infrastructure at that time," Gutro told SecurityNewsDaily, adding, "NASA doesn't discuss the details ...
... of our IT security but remains vigilant to secure the security of our sites."
It's unclear how TinKode might have busted into the space agency's website. Interviews with the grey-hatted hacker, as well as his general modus operandi, suggest that he is motivated more by intellectual curiosity than mischief.
“I am doing this because finding security holes represents a hobby for me. I don't do bad things. I only find and make public the info. Afterwards I send an email to them to fix the holes. It's like an security audit, but for free,” said Tinkode to Network World.
“TinKode is one of a new breed of hacker, courting the media and announcing his successful hacks via web postings and announcements on his Twitter account. The good news is that the mysterious TinKode appears to be spurred on more by the desire to embarrass organizations into tightening their web security than financial motivation,” explains Graham Cluley, senior technology consultant at Sophos.
TinKode’s announcement of his hack came just one day after the final launch of the NASA space shuttle Endeavour before its retirement, and one month to the day after TinKode allegedly hacked into the servers of the European Space Agency.
A month ago, TinKode exposed a similar security hole at another space agency by hacking into a server operated by the European Space Agency at www.esa.int. He then leaked a list of FTP accounts, email addresses and passwords for administrators and editors. TinKode did not publicly disclose the method used to hack the ESA site.
Early this year, TinKode, another hacker called ‘Ne0h’, and another with the alias of ‘Jackh4x0r’, hacked into the Web servers hosting MySQL.com, proving it was vulnerable to SQL injection as well as XSS. MySQL.com is the main site for the open source database product and a sister site to the French, German, Italian and Japanese markets.
NASA's Inspector General warned in March that security shortcomings at the space agency left it open to defacement, denial of service or information-stealing attacks. NASA executives promised to tighten up security policies, a process that TinKode's exploit would suggest is far from completion.
This incident is sure to embarrass space centre chiefs, especially since it comes only weeks after a negative report on NASA's information security strategy. It is evident that government departments and organizations need to take proper measures to safeguard their network security to halt information security breach. They need to implement robust information security initiatives, including having a proficiently skilled IT security workforce, in order to avoid cyber attacks and security breaches.
IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST) to address the deficiency of technically proficient information security professionals.
CAST will provide advanced technical security training covering topics such as advanced penetration testing training, Digital Mobile Forensics, Cryptography, Advanced Network Defense, and advanced application security training, among others. These highly sought after and lab-intensive Information Security training courses will be offered at all EC-Council-hosted conferences and events, and through specially selected authorized training centres.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). 
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced security training for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing training, malware analysis, advanced social engineering, cryptography, digital forensics deep dive, and web application security training, among others.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).