Both the National Aeronautics and Space Administration (NASA, and the European Space Agency (ESA) have confirmed that their systems were indeed penetrated by the new hacker group known as the Unknowns. The systems that were breached have already been patched, which is what the Unknowns said was their goal in the first place.
The Unknowns successfully attacked 10 websites: NASA – Glenn Research Center, U.S. military, U.S. Air Force, European Space Agency, Thai Royal Navy, Harvard University, Renault, French ministry of Defense, Bahrain Ministry of Defense, Jordanian Yellow Pages. they also posted screenshots showing they gained accessed to each and every one. The group even put together 250MB worth of military documents from their hacks and uploaded the collection to MediaFire.
“NASA security officials detected an intrusion into the site on April 20 and took it offline,” a NASA spokesperson said in a statement. “The agency takes the issue of IT security very seriously and at no point was sensitive or controlled information compromised. NASA has made significant progress to better protect the agency’s IT systems and is in the process of mitigating any remaining vulnerabilities that could allow intrusions in the future.”
ESA security office manager Stefano Zatti told ZDNet UK that “The group used SQL injection… The use of SQL injection is an admitted vulnerability. this needs to be addressed at a coding level.”
More and more companies are coming under foreign attacks from the likes of China and Iran. These guys’ heart is in the right place, I just wish there was an easier way to get people’s attention than breaking the law. But if we are safer because of this, how can I complain?
The Unknowns released a statement:
“We are a new hacker group, we have never been in any hacking team before. We are not Anonymous Version 2 and we are not against the US Government. We can’t call ourselves White Hat Hackers but we’re not Black Hat Hackers either… Now, we decided to hack these sites for a reason… These Websites are important, we understand that we harmed the victims and we’re sorry for that – we’re soon going to email them all the information they need to know about the penetrations we did. We still think that what we did helped them, because right now they know that their Security is weak and that it should be fixed.
We wanted to gain the trust of others, people now trust us, we’re getting lots of emails from people we never knew, asking us to check their website’s security and that’s what we want to do. Our goal was never to harm anyone, we want to make this whole internet world more secured because, simply, it’s not at all and we want to help. We don’t want revolutions, we don’t want chaos, we just want to protect the people out there. Websites are not secured, people are not secured, computers are not secured, nothing is…We’re here to help and we’re asking nothing in exchange.”