Hackers hit NASA Web sites
- By Joab Jackson
- Dec 18, 2003
Hackers attacked 13 NASA Web sites yesterday and changed their contents, agency spokesman Brian Dunbar confirmed today. As a result of the compromise, the agency has taken the sites offline until the vulnerabilities can be identified and fixed, he said.
All the sites were subdomains of the Nasa.gov Web address, including the NASA Research & Education Network (www.nren.nasa.gov), the Advanced Supercomputing Division (www.nas.nasa.gov), the Information Power Grid (www.ipg.nasa.gov) and the Computing, Information and Communications Technology Program (www.cict.nasa.gov).
All four of those sites were running a version of the Apache Web server software and the PHP scripting language under the Unix operating system, according to Netcraft, a Bath, England-based Internet services company that logs technical information on Internet Web hosts.
The sites have been offline since yesterday, according to Dunbar. None of the four sites responded to HTML requests or ping queries (a utility that determines if an IP address is on the network) from the PostNewsweek Tech Media offices this morning. Dunbar did not estimate when the sites would be back online.
Security consulting firm Mi2G Ltd., which reported the compromise yesterday, said the attack was done in response to celebrations surrounding the 100th anniversary of the Wright brothers' first flight at Kitty Hawk, N.C. Mi2G said that the culprit is a 'Brazilian hacking group' that goes under the name DRWXR.
A query to the e-mail address left on the compromised NASA sites confirmed that an organization called DRWXR claimed responsibility for the attack. '[W]e from 'drwxr' attacked the NASA server and changed the main pages with some critical messages,' the group responded.
The attacker replaced the NASA pages with ones stating that the DRWXR had compromised the site, along with brief video footage of U.S. soldiers in Iraq. The London-based Mi2G Ltd. also noted that the controversy over the true originator of an airplane may have also spawned the attacks, as some believe Brazilian Alberto Santos-Dumont built and flew a personal aircraft prior to the Wright brothers' flight.
'This is one of the most significant breaches of .gov domain ' sites in the last six months,' the Mi2G bulletin read. 'In the wake of the war with Iraq, significant effort has been put into protecting online computer systems by the [U.S.] federal and state governments, making regular and publicly visible breaches of computing infrastructure a less frequent occurrence.'
Joab Jackson is the senior technology editor for Government Computer News.