BreachExchange mailing list archives

Anon steals a bunch of data from NASA, threatens to release it


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 3 Feb 2016 13:02:22 -0600

http://www.itproportal.com/2016/02/03/anon-steals-a-bunch-of-data-from-nasa-threatens-to-release-it/

Hacktivist group Anonymous recently breached NASA, stealing somewhere
between 100 and 276GB of data, the Institute for Critical Infrastructure
Technology <http://icitech.org/> says. The data was stolen from NASA’s
servers and drones, and includes drone video and radar footage, flight
logs and employee information.

Anonymous claims NASA is not telling the truth about global warming – it
wants the agency to disclose the ‘actual’ amount of radioactive chemicals
in the upper atmosphere, and threatens to release the data unless NASA
complies within a month.

The group targeted specific data – drone footage in particular, as it
contains records of chemical samples from the upper atmosphere. The stolen
data was allegedly already given to WikiLeaks and The Guardian. No word
from NASA or the FBI at this point.

No one really knows how Anonymous managed to find their way inside NASA.
There have been speculations that the group managed to buy its way in –
purchasing its foothold from someone within the agency. They might have
even bruteforced their way in – the group claims to have used a sniffing
program to steal a system administrator password.

The group split in two, with one part targeting NASA’s systems and stealing
data, while the other was sniffing through it. Anonymous says it spent
months inside the system and deleted all indicators of ever being present
on the network.

James Scott, Co-Founder of the Institute for Critical Infrastructure
Technology finds it hard to believe that NASA couldn’t have defended
against this attack.

“First, it’s hard to believe that NASA hasn’t made use of a virtually
unlimited budget to allocate funds to create the most technologically
sophisticated cyber-barricade around their techno-infrastructure,” he says.

“If this breach claim is indeed accurate, a few things that could have
thwarted or substantially slowed down the breach would be:

   - User behavioural analytics: an early warning mechanism to detect
   abnormalities in user behaviour
   - User behavioural biometrics: another early warning mechanism most
   valuable when used with UBA to detect physical abnormalities in user’s
   technical behaviour
   - Multi layered field encryption of data in transit and stationary:
   name, email, phone etc. should each possess individual and unique
   encryption algorithms so that if the adversary breaches the network and
   goes undetected and is able to exfiltrate information, they have to
   literally decrypt each field.
   - Ongoing penetration testing: red team penetration testing by highly
   skilled hired-hackers to uncover vulnerabilities in the organization’s
   network and IoT attached devices.
   - Insider threat analysis: people who work at federal agencies with
   access to highly classified material must undergo ongoing direct and
   indirect psychological and lifestyle assessments to see if they are a
   current threat or could become a future threat. Credit profile, marital and
   familial relationships, financial stress, and professional satisfaction
   etc., all play a role in assessing the potential threat that comes from
   inside an organization. A certain level of privacy will need to be
   interrupted for federal employees with high level clearances as the IoT
   attack surface expands.
   - Consider each network, device, drone, NASA location vulnerable and
   breached until proven otherwise by penetration testing and vulnerability
   assessment/risk analysis. These simulations should take into consideration
   all known threat actors, vulnerabilities and exploits.
   - Change administration credentials from ‘default’ to a creative
   combination of 16 randomized numbers, letters, upper and lower case (it is
   ‘claimed’ that the adversary was able to brute force admin credentials in
   .32 seconds because the credentials were set as “default”).”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/