Slashdot Mirror
AnonSec Attempts To Crash $222m Drone, Releases Secret Flight Videos (ibtimes.co.uk)
An anonymous reader writes with an excerpt from IBTimes that says it's not just governments that have proven themselves capable of hacking into drones: Hackers from the AnonSec group who spent several months hacking NASA have released a huge data dump and revealed they tried to bring down a $222m Global Hawk drone into the Pacific Ocean. The hack included employee personal details, flight logs and video footage collected from unmanned and manned aircraft. The 250GB data dump contained the names, email addresses and phone numbers of 2,414 NASA employees, 2,143 flight logs and 631 videos taken from Nasa aircraft and radar feeds, as well as a self-published paper (known as a 'zine') from the group explaining the extensive technical vulnerabilities that the hackers were able to breach.
Among these: the group discovered that the flight paths uploaded into each drone could be replaced with their own.
AnonSec found that the administrator credentials for securely controlling Nasa computers and servers remotely were left at default
Hmm ..
According to Infowars, which was alerted to the zine's existence by AnonSec, the hackers' main purpose in hacking Nasa was to highlight the fact that the US government is using climate engineering methods such as cloud seeding and geo-engineering to manipulate the climate and cause more rain to fall in order to combat the effects of carbon emissions.
Well...? Are they?
How much of a hack is it, when the basic understanding of their servers, is bought from someone from either within or a former member of the I.T. team? "AnonSec explains that it purchased an "initial foothold" from a hacker with knowledge of Nasa's servers in 2013"
They're not terrorists. They're criminals, yes, and idiots too, but their intent was not to cause terror. Yes they should be arrested, but let's stop labeling every extreme action "terrorism" when that's obviously not the intent.
The problem is they couldn't actually do either action. This is a bunch of hype trying to claim greater "hacking" capability than they actually have. Hell, even the article says they gained access by purchasing it from someone else.
Having worked on those aircraft for the better part of 10 years, these guys didn't do a damn thing. The mission plans would have been noticed immediately as using the wrong waypoints and been corrected, manually or from known-good files. These guys didn't have a chance of actually crashing anything except maybe a couple of servers at NASA, which would have done nothing.
NASA clearly needs to update some of their Network security protocols and probably fire a couple of people, but this is a non-story with respect to the drones. It's FUD trying to drive site clicks.
"Growing old is inevitable; growing up is optional."
More or less. There is no acceptable or even pseudo-acceptable justification for this attack.
There's no secret conspiracy uncovered, no risk to national security the government won't admit to or fix, just NASA doing what they're supposed to be doing.
And these idiots deciding to try and fuck it up as best they can because they can. A lengthy stay in prison without access to electronics might just be what they need to smarten up. If not, at least they'll have less opportunity to cause trouble for a while.
What an ignorant comment. NASA is using these drones for scientific missions. Among other things, they take measurements of the ozone layer, collect data on transport of aerosols and pollutants over the Pacific (which undoubtedly impacts the weather on the west coast), and collects data on developing Atlantic hurricanes. Just because something isn't particularly secure doesn't mean you should hack it. I'd bet that the signals sent to the Voyager spacecraft and probably the Mars rovers don't use strong encryption. I'd bet if someone put their mind to it, they could spoof the signals sent to them. It would also be a dick move to interfere with valuable scientific missions just because you want to hack something. I understand the concept of hacktivism but this isn't it. That you consider NASA's atmospheric research your enemy says more than enough about you.
More high quality products developed by private industry for the US Govt...
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
names, email and phone numbers of all NASA employees are public, and on the web at people.nasa.gov. tens of thousands of em, free for the taking. There's also an x.500 directory.
Perhaps, but the US "security" system doesn't consider the fact that info is openly published to be a reason not to classify the info as "secret".
There was a fun report some time back, about the US Dept of Defense funding a couple of academic researchers to study what could be learned about US military forces solely from publicly-available published sources. They spent some months collecting publications, wrote up their report, sent it to the DoD -- and within a couple of days it had a Secret classification. ;-)
Everyone who read the story got a good laugh, of course, but it does serve as an example of the logic behind the security classification system. It's also a useful counter-example of the old "If you've done nothing illegal, you have nothing to fear" mantra. In the US, it certainly can be illegal to be in possession of information that a government agency has published openly. It can even be illegal to know that it's illegal to have some information. (Google "FISA warrant" for some examples. ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
It wasn't the private-sector-built aircraft that was hacked - it was the government network that was hacked.
Who built it? Irrelevant. What products were used? Irrelevant. It was shown to be secured by simply changing the default passwords, and leaving default passwords intact was a failure of management. So what kind of network is it, anyway? Oh, yeah, it's a .gov network. Management is controlled by the .gov entity, even if contractors are used for the keypresses and network cable enplugginations. The .gov entity is responsible for regular security audits on their systems. They failed on that management aspect.
Your being naive if you think crashing NASA's servers and getting thousands of employees personal information was nothing
Names, work email and phone numbers of government employees are not considered "personal information", and are generally available through published directories, and certainly FOIA requests (so says me, a former Records Custodian for the Air Force). As well, many are saying that all these idiots accessed were honeypots.
If you want news from today, you have to come back tomorrow.
What's the big deal? The drone cost 22.2 cents? They probably have a closet full of them. Are they made of copier paper and office supplies? Dang, those guys at NASA sure are creative, making a working drone from office supplies for a little over twenty-two cents each? USA! USA! USA!
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
They contract all of this stuff out to the private sector (the network and the monitoring of the network).
Northrup Grumman runs many government networks. (Not just NASA, also Defense, CDC, etc.)
I don't read your sig. Why are you reading mine?