Last week, a group of hackers calling themselves AnonSec claimed to have broken into NASA and stolen more than 250 GB of data, including 8 hours of on-board footage from the agency’s fleet of aircraft.
But as it turns out, some of the data may already have been on the internet, publicly available for everyone to see.
Keith Cowing, the editor of NASA Watch and a former NASA employee, did some Googling around and found a website where anyone can download raw footage and data logs from a number of NASA weather and climate missions.
“This has always been online,” Cowing told Motherboard in a phone interview. “A lot of stuff may be sitting on the server and it’s like ‘who cares.’ It’s just stuff and you don’t really need to spend a lot of money firewalling it from every prying eye because there’s nothing sensitive in there.”
A screenshot of the ancient-looking NASA website where visitors can download raw data from NASA climate and weather missions.
The website lists some of the same missions the hackers listed in their manifesto or “zine,” and some of the videos, as well as data logs, come from the same missions. Cowing revealed the website in a blog post on Thursday, where he also pointed to another site listing locations and dates of all NASA flights going back to 2011.
The hackers claimed to have initially purchased access to NASA systems back in 2013, buying it from other cybercriminals who had infected the a NASA computer with the Gozi virus.
After that, the hackers claimed to have moved inside the NASA network until they found three backup hard drives belonging to NASA employee Eric Jensen, where the flight data was stored. The hackers even claimed to have taken “semi-partial control” of a NASA drone in an attempt to crash it into the ocean.
NASA responded to the hackers’ claims saying that it had “no evidence” that the leaked data and videos was “anything other than already publicly available data.”
”They [may have] just bumped into something that was already publicly available.”
“NASA strives to make our scientific data publicly available, including large data sets, which is how the information in question was retrieved. In other words, we gave it away, it wasn’t stolen,” NASA spokesperson Allard Beutel told Motherboard last week.
On Thursday, Beutel sent another statement: ”I obviously don’t know where the hackers found the videos, but I can confirm those videos are available on that publicly accessible website.”
Security experts were already very skeptical of the hackers’ claims, with one saying that “the reality behind it was “likely more mundane.” This new evidence is only bound to fuel those doubts and cast a shadow on all of the group’s claims. But an Anonsec administrator who calls himself “d3f4ult” defended his group’s actions.
“WE SPECIFICALLY STATED IN THE ZINE WE KNOW MOST NASA MISSIONS DATA IS PUBLIC, BUT WE INHERENTLY DONT TRUST THESE AGENCIES SO WE WANTED REEEAAAAAALLLL RAW ACCESSS TO THE DATA [sic],” the hacker told me on Thursday.
Cowing challenged the hackers to release the logs of their activity if they really want to prove their claims. At the same time, he also admitted that it’s possible that the group did get into some NASA system and didn’t even realize where they were.
“They may have hacked in but their gopher tunnel may have gone sideways as opposed to deep in, and they just bumped into something that was already publicly available,” Cowing told me.
With the new evidence he found online, that theory appears more likely every day.
Jason Koebler contributed reporting.