Cyberwar on NASA Websites

Vexorian writes "Two NASA websites were hacked today by a group of Chilean activist hackers. The reason was to protest against the war on Lebanon. The mirror of the defaced site contains an image of an injured child and claims that the sites were running MacOSX."

OS X hacked or the Web Application

[mitchell_pgh]

What is not clear is... did they hack OS X or simply hack a web application running on OS X. I wouldn't say "Linux was hacked" if I was running an insecure forum or blog. The information is VERY thin, but I'm interested to see if OS really was hacked.

Re:OS X hacked or the Web Application

[constantnormal]

So how does using SQL injection in an apache (which I believe runs as a non-admin user -- at least apache 1.3.x does, not sure about 2.x) cgi app, gain access to passwords -- which ought to still reside in an encrypted facility within OS X?

I can see that if the site's designers stored users and passwords in an unencrypted SQL table, that it would be like taking candy from a baby, but surely no one is so stoopid as to design that sort of exposure into a system?

I suppose that once they inject their code into the works and are executing commands as the apache user, they might be able to do some stuff and eventually escalate their authority to a level at which they had some power.

Most of OS X's "security" is in keeping intruders out. Once they gain access to a system, even as a non-admin user, there are probably^H^H^H^H^H^H^H numerous ways in which they can proceed. Good security practices can mitigate these exposures, but the first step in securing a system is to keep intruders out. Stronger measures are needed because nobody's perfect, and there is always the possibility that an intruder will get in, probably via social engineering. Good security practices will make things more difficult for a non-admin user to escalate their authority to a point where they can do some real damage.

But in this case, to merely hack a webserver, all that is required is to be able to create some web pages containing your content -- no further hackery is required (I think).

Possibly TFA was a bit over the top in describing what had been done to the systems -- while they could have proceeded further, merely altering data within the scope of apache's access was the only requirement to accomplish their visible exploit.

This goes to show the need to properly validate ANY input coming into your webserver from the outside world before merrily handing it off to your SQL processor.

Re:OS X hacked or the Web Application

[Lars+T.]

For what it's worth, the same group defaced several hundred websites in the last couple of days, almost all of them running under Linux.

Re:Here goes...

[sponga]

You make a strong point. Except Israel just released video of that strike that they did on that building that killed the 50+ people and sure enough it looks like from the video that the missles are being fired right from behind the main large 4 story building on top of the hill. Yes that is truly sad so many woman and children were killed/crushed to death and I have compassion; but as some news agency have been reporting is 'where are all the young and older men casualties at in the building?'. Could they have been firing from the building from behind or somewhere else at dead night? Argument that they could not get out because of roads/bridges blown were false because the news crews have been reporting they got there with their big news vans easily.

Re:Here goes...

[Stalyn]

The Bush administration does not understand the Arab community. The Middle East has a long tradition of successful military campaigns. The culture in the Arab world demands military success and takes pride in that. When the Arab world was unable to defeat Israel on multiple occasions the collective Arab world was humiliated. They are unwilling to forgive Israel but also their own leaders for their military failures.

When a foreign nation like the USA takes down an Arab government like Iraq there is the same sense of humiliation. That the Arab world was itself unable to take down a brutal dictator but also in the post-war occupation they are unable to govern its people. However when a group like Hezbollah is able to stand up to Israel, even though Hezbollah is a Shiite group, the Arab street is overwhelming in favor of those who they perceive as standing up to foreign aggression. At the same time they criticize their leaders for not taking a similar stand.

The Arab world is desperate for some sort of success, be it military or political and are willing to cheer on even the most insidious of organizations. The longer this conflict goes on, the more civilians who die and the more Hezbollah holds out the more radicalized the Arab world will become.

I think the Bush administration is right in that we should invest in democracy, freedom and economic prosperity in the Middle East. This is the long term strategy that will provide peace in the region. However it can only come through political action. A military strategy will only be ferociously resisted by the Arab world.

Re:Stupid activists (not a flame here.)

[SillyNickName4me]

managing Lebanon is Lebanese priority, not Israeli.

Not according to international law. You occupy, so you are in control and you are responsible.

What you suggest contradicts the entire concept of an occupation.

Israeli priority is to make sure that the occupied territory does not harbor terrorists with rockets and rocket launchers.

That was the responsibility of Lebanon upto the point of occupation (during the first occupation it was the PLO and not Hezbollah who sat there with their rockets and launchers and mortars and what not, not to mention Lebanon was rather involved in a civil war).

Now? It was definitely the responsibility of the Lebanese government to see to it that Hezbollah got disarmed. They failed for obvious reasons. Lets not forget that Israel found itself unable to do much about Hezbollah while they were occupying Southern Lebanon, and that in fact Hezbollah's effectiveness has been a factor in Israel ending that occupation. Expecting the Lebanese army to do the job instead is disregarding reality, even more so when realizing that this would certainly result in a continuation of the civil war.

Managing an occupied territory, that is very interesting idea. Let's ask the US how that is going in Iraq.

They have done pretty well in Germany and Japan. After that however there is also a long string of failures.

It might be very interesting to see why the first 2 worked, but that will be a bit too much to write in a simple post here.

Instead I'll point at the main reasons why the Iraq occupation does not seem to work very well..

Three issues come out on top:

1. Occupation force for Iraq is at least a factor 5 too small, and more likely a factor 10. You are not going to controll a country that used to have a large military busy with internal control, with a force approx 1/8th of the size of the local army.

2. As a consequence it failed to provide quick security and basic needs like food and shelter to the population

3. Disregard of the local situation in many aspects (ethnic, political, religious)

That said, the attempt in Iraq does have a chance tho it is unlikely to work out in the way the USA envisioned.
And so did the initial occupation of South Lebanon by Israel.

One could even argue that the initial occupation of South Lebanon was very succesfull. In the end it managed to drive the PLO out of Lebanon, and in a military sense its goals were achieved completely.

The problem is that the consequences were worse then the problem it tried to address. The party in control there was Israel, and so the ones responsible for allowing those consequences are to be found in Israel, not Lebanon.

If Israel had treated the local population well (remember that that local population did at that moment support the Israeli invasion and occupation) and aligned themselves with the local people instead of bringing in the SLA, it is very likely that Hezbollah would never have gotten beyond a few isolated extremists.

This time around, the majority of people in South Lebanon don't want a militia there, but they have learned over the last quarter of a century that having a 'friendly' militia there is a lot better then having Israel there. At least Hezbollah provides for schooling, medical care and food where needed.

All this said, Hezbollah has made a habbit out of attacking civilians and for that simple reason have no legitimacy whatsoever. Israel is not responsible for Hezbollah's choices obviously.

Re:I don't get it..

[frdmfghtr]

When last I looked into this it was a unilateral isreali action.

Some may go as far as to say that the action was unilateral by the US using Israel as a puppet state to do the Bush administration's bidding. Some may also say that the US "support" for Israel's actions points toward the US being a puppet state of Israel (they sit in a region of vast oil resources and we don't). The heavy bombing in sountern Beirut amazingly stopped for several hours during Condolezza Rice's diplomatic trip to Beirut. Imagine the odds, the "no bombing" window and her visit coinciding like that...

But this is all offtopic and I'm not anything remotely close to being politically "in the know."

Re:more proof of a foriegn policy failure

[Chaffar]

Actually, the current Lebanese government was (yes, was) pushing for an improvement of US-Lebanon relations. After Syria had been kicked out, Condoleezza Rice came to Lebanon a few times, as they saw in Lebanon a potential ally, a burgeoning democracy, one that would champion the Moderate Arab values around the Middle East.

So, in this context, it is true that the US has gone from loved to hated in the span of 17 days. Everything that has happened since the beginning of the war has strengthened the radical elements of the Lebanese government (like it or not, Hezbollah is part of the Lebanese gov't and represents 45% of the population). Every civilian killed was proof that everything that the radicals have been saying about the "Zionists" and the "Imperialist American Dogs" was true.

Re:Stupid activists (not a flame here.)

[roman_mir]

Well, you are spewing bullshit. None of the attacks were against 'innocent civilians'. Israel does not target innocent civilians, they target Hezbollah terrorists, they fire at rocket launcher sites. Civilians and the UN happen to be there, sure.

Read this. This is from a Canadian UN soldier who got killed by the way.

And this: U.N. Chief Accuses Hezbollah of 'Cowardly Blending' Among Refugees

Re:South Americans? Arabs? Whats the difference

[Dhalka226]

If you guys didn't have contempt for peaceful forms of protest like this

We have contempt for forms of protest that break the law.

You want to protest in the streets of Chile? Go ahead. You want to march on Washington? Be my guest. You want to call the president nasty names? I'll join you.

You want to do something productive, like start up your own site with the side of this that we're likely not seeing, at least not much, in the US? Please do.

You want to break into a server because you can and deface it? No, you deserve to go to jail. And you deserve to have the shit kicked out of you while you're there, since regardless of whether or not you may have had some point to make, you made your entire cause look stupid in the process--not to mention the fact that NASA has absolutely nothing to do with anything going on in Lebanon.

Do you think this stunt made me any more sympathetic to their cause? It didn't. And most reasonable people feel the same.

Re:Am I missing something?

[jackbird]

Since it seems that the vast majority of that foreign aid was lining the pockets of Arafat's cronies (which is what led to Hamas being elected in the first place) rather than serving the useful purpose for which it was intended, cutting off aid seems pretty reasonable. And resuming aid to a Hamas government that openly advocates genocide doesn't seem like a winner either.

The trouble is that the arabs and palestinians have played for keeps and lost so many times that they've run out of palatable options.