A group of hackers claimed to have broken into NASA networks and hijacked a drone.
Image: NASA Goddard Space Flight Center/Flickr
A group of hackers claims to have broken into the computer systems of NASA, stealing hours of on-board footage from the agency's fleet of aircraft, hundreds of data logs from its weather and climate missions, as well as a list of names, phone numbers and emails of more than 2,400 employees.
The hackers dumped the allegedly stolen data online on Sunday, along with a long, rambling "zine" where they explained how they obtained the more than 250 GB of files. One of the group's administrators told Motherboard that they were actually able to steal as much as 1 TB of data, but couldn't upload it all.
The hackers, which call themselves AnonSec, also claimed to have taken "semi-partial control" of a NASA drone in a failed attempt to crash it into the ocean. In a manifesto accompanying the dump, the hackers explained that they were able to replace a file with the drone's pre-planned route with their own route. NASA denied this ever happened, and an expert told Motherboard it's highly unlikely they ever gained control of the drone, and that the file was probably just used to indicate waypoints for the drone operator.
Bizarrely, it doesn't seem there was any real motive behind the hack, other than the fact that the group could do it.
Bizarrely, it doesn't seem there was any real motive behind the hack, other than the fact that the group could do it, and that they got curious about how far they could get inside NASA's network.
"Because how often do you get that chance?" an AnonSec admin who calls himself "d3f4ult" told Motherboard, answering a question on why they allegedly tried to crash a drone. "Some members thought it was fate. We bought access to NASA just for fun and ended up partially controlling a $200million drone."
"That's life for ya," d3f4ult said in an encrypted chat, adding an emoticon with its tongue sticking out. "Crazy and unexpected."
(Fast forward to 5:19 to see the takeoff)
A NASA spokesperson, however, denied the hackers' claims.
"Control of our Global Hawk aircraft was not compromised," NASA's Allard Beutel said in a statement on Monday night. "NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data."
In a previous exchange on Friday, Beutel said that "NASA strives to make our scientific data publicly available, including large data sets, which is how the information in question was retrieved. In other words, we gave it away, it wasn't stolen."
"We gave [the data] away, it wasn't stolen."
Beutel, however did not respond to multiple questions regarding the 8 hours of footage, which do not appear to have ever been made public before.
In their zine, the hackers explained that they initially bought access to a hacked NASA system from somebody else who had infected it with the Gozi virus in 2013. The hackers then went on to explain step-by-step how they moved inside the network, until they got access to three backup hard drives belonging to NASA employee Eric Jensen. This is where the hackers allegedly found the data and video logs from NASA flights.
Dan Guido, the founder of security firm Trail of Bits, who reviewed the hackers' claims for Motherboard, said that some of their claims were feasible, but overall, he was skeptical.
"I think these hackers did gain access to *something* inside NASA," Guido said in an email. "It was clearly unclassified since all of the servers they claimed to hack were online on the internet. I doubt they are accurately describing their breach and that the reality is likely even more mundane. This obfuscation is likely motivated both by a desire to hype their reputation and to obfuscate efforts at incident response in NASA."
"I doubt they are accurately describing their breach and that the reality is likely even more mundane."
Moreover, Guido added, it's not that surprising that a NASA computer somewhere might have been infected with the Gozi virus. In fact, Motherboard reported last year that some NASA computers had been infected with Cryptolocker, a virus designed to take files ransom until a bitcoin payment is made.
"It is a sad reality that nearly all large corporations and government agencies have existing commodity malware inside their networks," Guido told me. "Access to this malware is bought and sold among criminals online and it's easy to gain access to most networks with only a few dollars and the right connections."
In any case, the allegedly stolen data is mundane in nature, making media coverage surrounding its release seem overblown. Most of the dumped data consists of the 8 hours of raw footage. There files are parts of large videos, which sometimes show spectacular aerial views of Arctic areas (and no, they don't feature any UFOs, sorry). Some videos are recorded while the planes were parked, showing glimpses of maintenance personnel working on them. Others simply show internal radar screens.
There's also 10 GB of flight data logs, some of which seem to correspond to the videos. All the data and video logs belong to NASA climate research missions such as Operation Ice Bridge, Airborne Tropical Tropopause Experiment, and Aerosol-Cloud-Ecosystem Mission, among others.
The hackers pointed to these missions as evidence that NASA is doing sinister geoengineering experiments with the climate. The hackers accused NASA of being responsible for "chemtrails," which are chemical long-lasting leftover materials sprayed onto the atmosphere. (There's a 20-year old conspiracy theory on chemtrails.)
The hackers apparently lost access to the network after they tried to crash the NASA drone. But d3f4ult couldn't remember exactly when that happened, since the "past two years been a blurr [sic] from all drugs & alcohol."