AnonSec Attempts To Crash $222m Drone, Releases Secret Flight Videos (ibtimes.co.uk)
An anonymous reader writes with an excerpt from IBTimes that says it's not just governments that have proven themselves capable of hacking into drones: Hackers from the AnonSec group who spent several months hacking NASA have released a huge data dump and revealed they tried to bring down a $222m Global Hawk drone into the Pacific Ocean. The hack included employee personal details, flight logs and video footage collected from unmanned and manned aircraft. The 250GB data dump contained the names, email addresses and phone numbers of 2,414 NASA employees, 2,143 flight logs and 631 videos taken from Nasa aircraft and radar feeds, as well as a self-published paper (known as a 'zine') from the group explaining the extensive technical vulnerabilities that the hackers were able to breach.
Among these: the group discovered that the flight paths uploaded into each drone could be replaced with their own.
AnonSec found that the administrator credentials for securely controlling Nasa computers and servers remotely were left at default
Hmm ..
According to Infowars, which was alerted to the zine's existence by AnonSec, the hackers' main purpose in hacking Nasa was to highlight the fact that the US government is using climate engineering methods such as cloud seeding and geo-engineering to manipulate the climate and cause more rain to fall in order to combat the effects of carbon emissions.
Well...? Are they?
How much of a hack is it when the basic understanding of their servers is bought from someone from either within or a former member of the I.T. team? "AnonSec explains that it purchased an "initial foothold" from a hacker with knowledge of Nasa's servers in 2013."
They're not terrorists. They're criminals, yes, and idiots too, but their intent was not to cause terror. Yes they should be arrested, but let's stop labeling every extreme action "terrorism" when that's obviously not the intent.
Names, email and phone numbers of all NASA employees are public, and on the web at people.nasa.gov. Tens of thousands of 'em, free for the taking. There's also an X.500 directory.
The problem is they couldn't actually do either action. This is a bunch of hype trying to claim greater "hacking" capability than they actually have. Hell, even the article says they gained access by purchasing it from someone else.
Having worked on those aircraft for the better part of 10 years, these guys didn't do a damn thing. The mission plans would have been noticed immediately as using the wrong waypoints and been corrected, manually or from known-good files. These guys didn't have a chance of actually crashing anything except maybe a couple of servers at NASA, which would have done nothing.
NASA clearly needs to update some of their Network security protocols and probably fire a couple of people, but this is a non-story with respect to the drones. It's FUD trying to drive site clicks.
"Growing old is inevitable; growing up is optional."
More or less. There is no acceptable or even pseudo-acceptable justification for this attack.
There's no secret conspiracy uncovered, no risk to national security the government won't admit to or fix, just NASA doing what they're supposed to be doing.
And these idiots deciding to try and fuck it up as best they can because they can. A lengthy stay in prison without access to electronics might just be what they need to smarten up. If not, at least they'll have less opportunity to cause trouble for a while.
What an ignorant comment. NASA is using these drones for scientific missions. Among other things, they take measurements of the ozone layer, collect data on transport of aerosols and pollutants over the Pacific (which undoubtedly impacts the weather on the west coast), and collect data on developing Atlantic hurricanes. Just because something isn't particularly secure doesn't mean you should hack it. I'd bet that the signals sent to the Voyager spacecraft and probably the Mars rovers don't use strong encryption. I'd bet if someone put their mind to it, they could spoof the signals sent to them. It would also be a dick move to interfere with valuable scientific missions just because you want to hack something. I understand the concept of hacktivism but this isn't it. That you consider NASA's atmospheric research your enemy says more than enough about you.
You're being naive if you think crashing NASA's servers and getting thousands of employees' personal information was nothing. That's a crime potentially in the millions of dollars, perhaps not 200 million, but still serious enough. The story is not the drone, the story is the hack. Your perspective is just on the drone because you worked on them. Keep your eye on the ball, man. They hack these things just because they can and release the info to show off these glaring security holes and how far they got into the system. Crashing it would have just been better PR for them in the lulz world, but hacking it and NASA's data is still a big deal. Also, not crashing it probably plays off better in the real world where people still like NASA and would probably prefer hackers not to fly 200 million tax dollars into the ground to prove they can.
Still, our security is far too weak, the point has been made yet again. I think that's what you're supposed to be getting out of this. Just because this time they didn't crash a drone doesn't mean it's ok we let them hack in so easily. I think you also underestimate how a well-timed hack could affect flight.
Call them idiot criminals if you want. They should still be rounded up by law enforcement and executed.
Why execute them? Because they make you angry?
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
More high quality products developed by private industry for the US Govt...
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
It wasn't the private-sector-built aircraft that was hacked - it was the government network that was hacked.
Who built it? Irrelevant. What products were used? Irrelevant. It was shown to be secured by simply changing the default passwords, and leaving default passwords intact was a failure of management. So what kind of network is it, anyway? Oh, yeah, it's a .gov network. Management is controlled by the .gov entity, even if contractors are used for the keypresses and network cable enplugginations. The .gov entity is responsible for regular security audits on their systems. They failed on that management aspect.
You're being naive if you think crashing NASA's servers and getting thousands of employees' personal information was nothing
Names, work email and phone numbers of government employees are not considered "personal information", and are generally available through published directories, and certainly FOIA requests (so says me, a former Records Custodian for the Air Force). As well, many are saying that all these idiots accessed were honeypots.
If you want news from today, you have to come back tomorrow.
What's the big deal? The drone cost 22.2 cents? They probably have a closet full of them. Are they made of copier paper and office supplies? Dang, those guys at NASA sure are creative, making a working drone from office supplies for a little over twenty-two cents each? USA! USA! USA!
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
They contract all of this stuff out to the private sector (the network and the monitoring of the network).
Northrop Grumman runs many government networks. (Not just NASA, also Defense, CDC, etc.)
I don't read your sig. Why are you reading mine?