Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
NASA Security The Military

AnonSec Attempts To Crash $222m Drone, Releases Secret Flight Videos (ibtimes.co.uk) 133

An anonymous reader writes with an excerpt from IBTimes that says it's not just governments that have proven themselves capable of hacking into drones: Hackers from the AnonSec group who spent several months hacking NASA have released a huge data dump and revealed they tried to bring down a $222m Global Hawk drone into the Pacific Ocean. The hack included employee personal details, flight logs and video footage collected from unmanned and manned aircraft. The 250GB data dump contained the names, email addresses and phone numbers of 2,414 NASA employees, 2,143 flight logs and 631 videos taken from Nasa aircraft and radar feeds, as well as a self-published paper (known as a 'zine') from the group explaining the extensive technical vulnerabilities that the hackers were able to breach. Among these: the group discovered that the flight paths uploaded into each drone could be replaced with their own.
This discussion has been archived. No new comments can be posted.

AnonSec Attempts To Crash $222m Drone, Releases Secret Flight Videos

Comments Filter:
  • hmm .. (Score:4, Insightful)

    by invictusvoyd ( 3546069 ) on Tuesday February 02, 2016 @08:13AM (#51420481)

    AnonSec found that the administrator credentials for securely controlling Nasa computers and servers remotely were left at default

    Hmm ..

    • AnonSec found that the administrator credentials for securely controlling Nasa computers and servers remotely were left at default

      AnonSec found that the administrator credentials for securely controlling Nasa's HONEYPOT computers and servers remotely were left at default...

      • Honeypot ? They almost managed to crash the drone.
        • Honeypot ? They almost managed to crash the drone.

          Is that a fact ? Says who? A bunch of script kiddies that bought a hack into a honeypot and went on to disclose publically available information? A bunch of script kiddies that believe in "Chemtrails"?

          Please adjust your tin-foil hat, it's not working.

  • Main purpose... (Score:5, Interesting)

    by Dins ( 2538550 ) on Tuesday February 02, 2016 @08:18AM (#51420505)
    From TFA:

    According to Infowars, which was alerted to the zine's existence by AnonSec, the hackers' main purpose in hacking Nasa was to highlight the fact that the US government is using climate engineering methods such as cloud seeding and geo-engineering to manipulate the climate and cause more rain to fall in order to combat the effects of carbon emissions.

    Well...? Are they?

    • by Viol8 ( 599362 )

      "Well...? Are they?!"

      No. But I've heard they might be selling US Govn branded tin foil hats to "special" people.

      • "Well...? Are they?!"

        No. But I've heard they might be selling US Govn branded tin foil hats to "special" people.

        How do you know? Cloud seeding has been used for decades to modify the weather. I'm not saying it is or isn't happening. But you seem very quick to dismiss such an idea when it's really not far fetched at all.

        • by Viol8 ( 599362 )

          Because the amount of rain needed to pull significant amounts of CO2 out of the atmosphere would cause biblical floods. And there probably isn't enough water vapour in the air to do it anyway. Anonsec shouldn't have skipped chemistry classes at school.

        • by doggo ( 34827 )

          Cloud seeding has been used to attempt to modify weather for decades. It's just not that effective.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      Of course they are....Look at California for the last 5-6 years. Constant rainfall. No wildfires at all

    • Re:Main purpose... (Score:5, Informative)

      by OzPeter ( 195038 ) on Tuesday February 02, 2016 @08:51AM (#51420677)

      From TFA:

      According to Infowars, which was alerted to the zine's existence by AnonSec, the hackers' main purpose in hacking Nasa was to highlight the fact that the US government is using climate engineering methods such as cloud seeding and geo-engineering to manipulate the climate and cause more rain to fall in order to combat the effects of carbon emissions.

      Well...? Are they?

      Given that Cloud seeding has been around for 70 years [wikipedia.org] why would it it be a surprise or controversial that NASA was experimenting with it?

      • From TFA:

        According to Infowars, which was alerted to the zine's existence by AnonSec, the hackers' main purpose in hacking Nasa was to highlight the fact that the US government is using climate engineering methods such as cloud seeding and geo-engineering to manipulate the climate and cause more rain to fall in order to combat the effects of carbon emissions.

        Well...? Are they?

        Given that Cloud seeding has been around for 70 years [wikipedia.org] why would it it be a surprise or controversial that NASA was experimenting with it?

        Because it's not reported on the evening news. And everyone knows that if it's not on the evening news it didn't happen, and anyone who thinks it might have is a tinfoil hat wearing conspiracy theorist.

    • by Anonymous Coward

      I wouldn't think this would be something you could hide easily, nor would you need to. That sounds like a BS reason to me. They are doing it for fun or for some other reason and that is just their idiotic cover.

      If the US could fight climate change with clouds and NASA, we'd be plastering that all over the news. Maybe NASA did some experiments and some idiotic hacker found the data and assumed it was a global conspiracy rather than NASA just playing around with science as they often do.

      Is the government secr

    • by iceaxe ( 18903 )

      From TFA:

      According to Infowars...

      Mmmmhmm. Methinks we're seeding tempests in teacups, here.

  • by p51d007 ( 656414 ) on Tuesday February 02, 2016 @08:20AM (#51420509)
    How much of a hack is it, when the basic understanding of their servers, is bought from someone from either within or a former member of the I.T. team? "AnonSec explains that it purchased an "initial foothold" from a hacker with knowledge of Nasa's servers in 2013"
    • In addition, many are suggesting that all they accessed was honeypots with essentially open doors. By the way, names, work email and office phones of most government employees are not classified in any way and available through published directories, and certainly FOIA requests (so says me, a former Records Custodian for the Air Force).

    • A good system ( not just code but process ) should have protection against credential exposure.

  • by Anonymous Coward

    names, email and phone numbers of all NASA employees are public, and on the web at people.nasa.gov. tens of thousands of em, free for the taking. There's also an x.500 directory.

    • by jc42 ( 318812 ) on Tuesday February 02, 2016 @10:18AM (#51421101) Homepage Journal

      names, email and phone numbers of all NASA employees are public, and on the web at people.nasa.gov. tens of thousands of em, free for the taking. There's also an x.500 directory.

      Perhaps, but the US "security" system doesn't consider the fact that info is openly published to be a reason not to classify the info as "secret".

      There was a fun report some time back, about the US Dept of Defense funding a couple of academic researchers to study what could be learned about US military forces solely from publicly-available published sources. They spent some months collecting publications, wrote up their report, sent it to the DoD -- and within a couple of days it had a Secret classification. ;-)

      Everyone who read the story got a good laugh, of course, but it does serve as an example of the logic behind the security classification system. It's also a useful counter-example of the old "If you've done nothing illegal, you have nothing to fear" mantra. In the US, it certainly can be illegal to be in possession of information that a government agency has published openly. It can even be illegal to know that it's illegal to have some information. (Google "FISA warrant" for some examples. ;-)

      • There was a fun report some time back, about the US Dept of Defense funding a couple of academic researchers to study what could be learned about US military forces solely from publicly-available published sources. They spent some months collecting publications, wrote up their report, sent it to the DoD -- and within a couple of days it had a Secret classification. ;-)

        That's not necessarily as odd as it sounds. A bunch of open source information, compiled and interpreted, can become classified. What's interesting is what is collected and what it is used for, not that all the sources were unclassified.

      • Umm, not illegal for a general citizen of the United States to obtain and possibly publish classified information, you might get a VISIT after the fact of publishing it asking you not to publish again and to withdraw the publication but not illegal unless you have signed a non-disclosure agreement when receiving a security clearance or you used illegal means to obtain the information. Settled pretty well during the '70s Pentagon Papers incident.

      • That's called "classification by aggregation." It's a thing. Like the letter "a" and the letter "b" are not classified by themselves but the string of characters you put together for an admin password for a system is classified. Think of it like that.
  • We've have planned obsolescence. Why not planned corruption of data systems?

    It seems clear the ability to keep nearly anything secure wanes exponentially with the amount of effort the infiltrator is willing to expend.

    TFA mentions some of the Anonsec members had reservations about crashing the $222 million UAV, so there's no way we can know for certain that didn't play a role, but ground control was able to take control back manually through satellite connection. There is likely some additional redundancy

  • The circumstance appears to be that we can advance technology faster than we can advance technology to secure the products of progress. So how do we get security out front, instead of releasing devices and then trying to figure out how to secure them? I suggest that part of the problem rests in having that human link to the drones. If we used technology similar to what exists in the Cruise missiles it becomes a launch it and leave it alone type of device instead of needing humans to continue its miss
    • The problem is that any automated system needs an 'oops... nevermind, don't do that' button, so there will always be a vector of attack.
    • by swb ( 14022 )

      âoeCivilization is a hopeless race to discover remedies for the evils it produces.â

      â Jean-Jacques Rousseau

      You could probably extend that by saying that security is a hopeless race because it depends on a posteriori knowledge of the system in order to discover weaknesses.

      You can ameliorate it by making security review an iterative process of design and not releasing the technology until after it has been refined, but you still don't know what new problems may emerge until after it has been ref

  • NASA uses their Globalhawk drones for Hurricane/Typhoon research which directly helps meteorologists refine hurricane tracks so people can GTFO of the way of the worst part of the storm damage via evacuations.

    No Globalhawk = less accurate hurricane track, which results in more dead humans = Attempted Murder. Find 'em. Execute them. They admitted their crimes so no need for a trial

    • by Baron_Yam ( 643147 ) on Tuesday February 02, 2016 @08:58AM (#51420701)

      More or less. There is no acceptable or even pseudo-acceptable justification for this attack.

      There's no secret conspiracy uncovered, no risk to national security the government won't admit to or fix, just NASA doing what they're supposed to be doing.

      And these idiots deciding to try and fuck it up as best they can because they can. A lengthy stay in prison without access to electronics might just be what they need to smarten up. If not, at least they'll have less opportunity to cause trouble for a while.

    • by hey! ( 33014 )

      If the standard is that people who do things that through several links of causality are guilty of murder, probably everyone is guilty of murder. Economic crimes cause excess deaths because of opportunity costs. Do any of the companies you invest in do financially dodgy stuff? How about companies invested in by your mutual funds? Loaned money by your bank?

  • by kheldan ( 1460303 ) on Tuesday February 02, 2016 @11:51AM (#51421745) Journal
    What's the big deal? The drone cost 22.2 cents? They probably have a closet full of them. Are they made of copier paper and office supplies? Dang, those guys at NASA sure are creative, making a working drone from office supplies for a little over twenty-two cents each? USA! USA! USA!
    • by tnk1 ( 899206 )

      Technically, this is possible. Land values in the US for tax purpose are in "mils" which are 1/1000th of a dollar. Even when this was created early on, a "mil" was never more than a unit of account.

      If only the drone was actually priced in mils....

  • Why the fuck did they target NASA?? I mean NASA is a civilian organization with limited funding and mostly non military projects so why did they try to drop a research drone into the ocean?

    If they wanted to make a point about how easy a drone was to hack why didn't they go after the DoD? Oh, that's right, the DoD actually has better security in place (not perfect I know, but better) and AnonSec probably couldn't even get a phone number to call.

    I usually side with the Hackers and Hacktivists but this t
  • There's a follow-up to the NASA hack story - 10,000 machines in NASA's internal network are broadcasting malware signatures, and over 30 databases are exposed to the public web: http://www.ibtimes.co.uk/nasa-... [ibtimes.co.uk]
  • I don't get it...

    Why in the world would a drone carry employee data?

The trouble with being punctual is that nobody's there to appreciate it. -- Franklin P. Jones

Working...