A recently discovered hack on NASA data that exposed username and password information of the agency’s employees is actually a copy of information that was exposed in 2013, according to NASA.
“NASA officials have looked into the alleged data hack recently posted to a website where such information is shared publicly, and confirmed that the data set is, in fact, a duplicate of a 2013 post on this same website,” the NASA Office of Communications told MeriTalk.
Over the weekend Red Cell Infosec CEO Dominique Davis discovered the usernames and login credentials posted on the website Pastebin, as first reported by SC Magazine. In addition to the supposed hack, the hacker, who operates under the name PLASTYNE or Anarchy Ghost, released a video on YouTube, documenting the steps to access the weakness in NASA servers.
“The YouTube video demonstrates access to an FTP server with credentials of Username: ftp Password: ftp. According to another comment on the YouTube video, those ftp credentials used in the demonstration have been around for some time,” said Thomas Pore, director of IT and services at Plixer International. “If PLASTYNE published detailed instructions of how to access NASA’s network, the posts have been deleted, and hopefully used to help close the vulnerabilities. While the credentials leaked always present a significant problem, it’s unlikely that they were used for network/domain access as NASA has a strict password policy. Most if not all passwords leaked do not meet those minimum qualifications.”
Pore originally speculated that the hack wasn’t as big as was initially reported, given the evidence available online. “In light of this news, I’m not surprised,” Pore added. “I was skeptical from the start; there simply wasn’t enough evidence to back up the class of a ‘direct massive attack’ as originally reported.”
The YouTube video illustrating the hack was posted on June 23, 2016, despite the fact that the information exposed looks to be copied from the 2013 posting.
“You could literally copy the exact commands he’s running and access the same material,” said Pore.
Pore speculates that PLASTYNE is likely a 10- to 14-year-old kid from Brazil, based on previous hacks and behavior. He also notes that this hacker so far hasn’t bragged about the hack on his Facebook page, as he has done about previously successful hacks.
The video also includes audio and video clips from the USA Network show Mr. Robot, whose main character joins a hacktivist group that targets corporate America.
“I think he does see himself as a hacktivist,” Pore said of PLASTYNE. Beyond potential hacktivism, it’s not certain what the motivations for posting the video and credentials were.
“Even when an attacker specifically declares a motivation for an attack, it can be difficult to determine what really drove them,” said Tim Erlin, senior director of IT security and risk strategy at Tripwire.