How easy do think it would be to fly a NASA Hawk Drone? Well, an activist group called AnnonSec had their brief time in the sky. The hackers claimed to have altered the flight path of a Global Hawk Drone (worth around £154m) with the aim of crashing it. What’s is even more worrying was the apparent ease in which they conducted the hack.
The group AnnonSec revealed a large amount of data that was stolen from NASA servers. They also shared the details of how they almost submerged the £154m ($222m) drone into the Pacific Ocean.
According to a report revealed by AnnonSec, the hackers managed to get their hands on 250Gb data cache and drone access over a period of several months that started in 2013. The data cache included information of over 2400 NASA employees which contained their names, email addresses and telephone numbers. There was also 2100 flight logs and 631 videos taken from aircraft and radar feeds.
So how did these hackers get access to one of America’s most sensitive government agencies?
According to AnnonSec they first gained access to NASA’s systems after purchasing user credentials from a third-party hacker in 2013. They found that administrators details for remote control of servers and computers had been left to default. This gap allowed them to install a sniffer packet, which then went on the pursuit of more user credentials.
“People might find this lack of security surprising but it’s pretty standard from our experience,” AnonSec stated in the report. “Once you get past the main lines of defence, it’s pretty much smooth sailing propagating through a network as long as you can maintain access.”
Their time in the sky
AnnonSec said the drone had pre-planned routes for the drone to fly on, they just altered the route to one that would result to the drone crashing into the pacific ocean.
“Several members were in disagreement on this because if it worked, we would be labelled terrorists for possibly crashing a $222.7m US drone… but we continued anyways lol,” the group said in the report.
NASA noticed the change in flight paths and cut the groups access by changing passwords and patching vulnerabilities. They then manually restored the drones path. The group hacked NASA to gain information abuts the agencies alleged involvement in climate engineering methods e.g. cloud seeding which AnnonSec believes to be damaging to human health.