After a claim that NASA was hacked, the space agency this week engaged in a full-court press to deny the allegation, stating that any data obtained was already publicly available.
However, a former NASA employee walked back that line of reasoning on Thursday, saying that the information could have been gained by hacking, but that it wouldn’t have been difficult to accomplish.
“This has always been online,” Keith Cowing, who now serves as the editor of NASA Watch, told Motherboard in an interview. “A lot of stuff may be sitting on the server and it’s like ‘who cares.’ It’s just stuff and you don’t really need to spend a lot of money firewalling it from every prying eye because there’s nothing sensitive in there.”
The hackers responded to the assertion in an apparently passionate statement to Motherboard.
“WE SPECIFICALLY STATED… WE KNOW MOST NASA MISSIONS DATA IS PUBLIC, BUT WE INHERENTLY DONT TRUST THESE AGENCIES,” the hacker said, “SO WE WANTED REEEAAAAAALLLL RAW ACCESSS TO THE DATA [sic].”
Reports earlier in the week indicated the hackers had accessed NASA systems in an operation dubbed “OpNasaDrones,” and claimed to have even briefly co-opted control of one of the agency’s drones. To prove their claim, they released thousands of photos, videos and mission logs from the agency’s drone fleet, in addition to personal information on more than 2,400 employees.
Some of that information was likely available on websites NASA makes available to the public. Those include sites including Open.NASA.gov, Data.NASA.gov, API.NASA.gov, and Code.NASA.gov.
However, in addition to making 276 gigabytes of data available, the hackers also claimed that a number of the agency’s passwords were left on their default settings, an allegation to which NASA has not responded. Agency spokesman Allard Beutel refused a request for comment, stating that an investigation was ongoing.
If it was the case that passwords were left on default settings, that may have run contrary to standards set by the National Institute of Standards and Technology, which sets IT policy used by the federal government.
However, Cowing suggested on Thursday, even if it was the case, the passwords were not protecting anything significant.
Related Story: http://www.washingtonexaminer.com/article/2582276
“They may have hacked in but their gopher tunnel may have gone sideways as opposed to deep in, and they just bumped into something that was already publicly available,” Cowing said.
