NASA insists hackers didn’t hijack its drone for a Pacific suicide mission

Despite claims to the contrary, NASA says that no, hackers’ recent efforts to breach their servers didn’t lead to a commandeered government drone in a thwarted Pacific Ocean suicide mission.

On Sunday, the hacker group AnonSec dropped what seemed to be a blockbuster: It had long ago hacked NASA’s servers and has been rummaging around its servers for years, the group said. In particular, it was fascinated by NASA’s weather drones, and how they might relate to the established conspiracy theory that streaks in the sky, usually left in the wake of aircraft, are evidence of the government spraying chemicals on its own land and people. In the long text Anonsec included with the data dump, the group wrote that “One of the main purposes of the Operation was to bring awareness to the reality of Chemtrails/CloudSeeding/Geoengineering/WeatherModification, whatever you want to call it.”

Indeed, as part of the data dump, the group included an enormous trove of footage from NASA’s unmanned aircraft. Of all the files that the Daily Dot was able to view, most were either of a camera pointed at what appeared to be drones’ measurements, or more strikingly, the actual footage drones captured.

AnonSec says that WikiLeaks and the Guardian declined to publish their files. (Neither responded to the Daily Dot’s request for comment.) And there’s reason to think this drone footage isn’t evidence of an enormous government conspiracy. Not only are chemtrails easily, naturally explained by aircraft water vapor, but NASA has long been open about its fleet of unmanned aircraft, particularly as part of its multiple, extensive weather survey programs.

“NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data,” spokesperson Allard Beutel told the Daily Dot in a prepared statement. “NASA strives to make our scientific data publically available, including large data sets, which seems to be how the information in question was retrieved.”

AnonSec also explicitly claims that it pulled off a single enormous stunt: Hijacking one of those drones for a joyride over the Pacific, a mishap only averted by NASA seizing control.

“Several members were in disagreement on this because if it worked, we would be labelled terrorists for possibly crashing a $222.7 million US Drone… but we continued anyways lol,” Anonsec wrote. “This recreated flight is from our attempt to crash the GlobalHawk into the Pacific Ocean but seemed to have been taken off of the malicious pre-planned route and was controlled via SatCom by a pilot once GroundControl realized.”

AnonSec

NASA, which refused to confirm or deny whether its servers were actually breached, was firm that such a hijacking never happened. “Control of our global hawk aircraft was not compromised,” Beutel stressed.

Beutel declined to explain why such a hack would be impossible, however, or where AnonSec would have gotten its flightpath image. “we really did temporarily hijack one of their drones, reguardless of whatever they say,” AnonSec representative Dêfãult Vírüsa told the Daily Dot over Twitter direct message. “i mean what did everyone expect them to say, ‘yes we got hacked, we have horrible security?’”

NASA explained the drone videos by referencing its “more than 30,000 datasets” and saying that “seems to be how the information in question was retrieved,” but refused to specify where those drone videos were stored. A perusal of those links didn’t immediately unearth those hours of drone footage.

“ive yet to see the drone videos public anywhere,” Dêfãult Vírüsa countered.

So if it’s unclear if any information that wasn’t already public was leaked, was NASA hacked at all? AnonSec did thoroughly document what it said were its procedures.

One cybersecurity expert who analyzed the documents, James Scott, a senior fellow and co-founder at the Institute for Critical Infrastructure Technology, expressed skepticism. “[It]’s hard to believe that NASA hasn’t made use of a virtually unlimited budget to allocate funds to create the most technologically sophisticated cyber-barricade around their techno-infrastructure,” he noted in a statement, in which he was careful to not refer to it as an actual hack, as neither NASA nor any other government agency has yet confirmed it.

With that in mind, he told the Daily Dot in a phone call, assuming the hack it legitimate, “This is kind of like hacktivist meets script kiddie. It’s definitely not a state thing. It’s definitely not a mercenary thing.”

Other information included in AnonSec’s dump: NASA employee names and basic information, though much of that data was widely available on other lists created years ago. As Scott said, “you can exfiltrate that kind of information with a basic Windows operating system exploit,” he said. “As far as ‘proof’ that they were in the network, well, they said they scrubbed any digital footprints, so they’re gonna have a hard time doing forensics.”

NASA did, at least, confirm it was looking into what happened. “NASA takes cybersecurity very seriously and will continue to fully investigate all of these allegations,” Beutel said.

Update 5:07pm CT, Jan. 4: As reported by Motherboard, one former NASA employee, Keith Cowing, discovered an old, ugly NASA website where the drone footage is freely available.

Photo via Tom Miller/NASA.gov (PD) | Remix by Jason Reed

Kevin Collier

Kevin Collier

A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.