Starting last Tuesday, 14 subdomains of the National Aeronautics and Space Administration (NASA) went down.
One of them, dedicated to the Kepler mission that searches for habitable exoplanets, had an announcement posted that read, “Down for Maintenance: The requested webpage is down for maintenance. Please try again later.”
As Naked Security noted, these websites are all hosted in the heart of Silicon Valley. Although NASA is a high-profile hacking target, CWZ CyberCrime maintains the agency “is now more famous for its poor cyber security rather than anything else.”
An exaggeration, though maybe not from the security point of view.
Earlier known security problems include the exposure of the algorithms used to command and control the International Space Station. Data on the agency’s Constellation and Orion programs was leaked, as was personal information on thousands of NASA employees. Twice.
Every site the hackers hit was papered over with a deface page saying, “NASA HACKED! BY #BMPoCWe! Stop spy on us! The Brazilian population do not support your attitude! The Illuminati are now visibly acting! Obama heartless! Inhumane! you have no family? the point in the entire global population is supporting you. NOBODY! We do not want war, we want peace!!! Do not attack the Syrians!”
The hacked pages were all mission and internal administrative sites, including the Kepler Mission, Arctic Mars Analog Svalbard Expedition, NASA Events, Ames Academy for Space Exploration, Office of Planetary Protection, Virtual Astrobiology, NASA recruitment, Lunar Science Institute, Moon Fest 2009 and the International Lunar Network.
The same hacker or hacking group clipped NASA domains before, hitting four sites in April.
A NASA spokesman, reversing an earlier statement, told Fox News that the sites were hit but that no information was compromised.
It is quite possible that NASA was chosen as a target because it was, as Naked Security put it, “low hanging fruit.”
UPDATE: An alternate theory, suggested by some readers and based on the “Stop spy on us!” part of the hackers’ message, suggests the hackers actually intended to hit the National Security Agency (NSA), but got its acronyms confused and targeted NASA instead.
H/T Naked Security | Photo via Luke Bryant/Flickr