Unknown hackers early last week claimed to have compromised and stolen data from a range of government agencies and private organizations by alleging to have gained full administrator access to their systems, including those of space agencies, defense departments, and private international companies. NASA and the ESA have apparently confirmed their systems were indeed attacked and compromised in late April 2012 but insisted no “sensitive or controlled information” was compromised. The attacks according to ESA security office manager Stefano Zatti were allegedly the result of an SQL injection exploit stating, “The group used SQL injection […] The use of SQL injection is an admitted vulnerability […] This needs to be addressed at a coding level.”
The new hacker group claiming to be behind the attacks refers to themselves as “The Unknown” and announced early last week opening up a new Twitter account that they had injected their way into the private systems of at least ten different organizations, and proceeded to publish private data and documents through sites like Pastebin which they claim originated from the compromised servers. “The Unknown” have since stated that all their victims had patched their systems (which was apparently their goal) and that they were no longer vulnerable to the exploits used to compromise them in the first place, all but the US Air Force apparently which they claim they would be contacting to bring to their attention.
And now, we are happy to inform you that most of the links we used to penetrate threw the databases, have been patched. This is exactly what we where looking for. This is what we want. For all our supporters out there; Thank you, help us to spread the word, help us to make this internet world more secured.
Victims The Unknown listed as allegedly having been compromised included the NASA – Glenn Research Center, the U.S. military, the U.S. Air Force, the European Space Agency, the Thai Royal Navy, Harvard University, Renault, the French ministry of Defense, the Bahrain Ministry of Defense, and the Jordanian Yellow Pages. It is not sure whether they used the same exploit to gain access to all these organizations but it would appear likely.
In addition to revealing the logins to access the compromised systems of the organizations in question, The Unknown also proceeded to post screenshots on public image sharing site Imgur showing off the access they had gained to the compromised sites. The group also apparently put together a compressed 2 part rar file of some military documents they claim to have downloaded from the hacked systems and uploaded them to the public file sharing website MediaFire (where as of of this writing they are apparently still available). Some sources covering this story claim some of the documents/data may originate from an older hack and all this is might just be a ploy to try and gain Twitter followers. At this point though I think this would seem like a rather unlikely motivation.
Rather, “The Unknowns” claim their motivation as completely altruistic in the hopes of bringing software vulnerabilities to people’s attention, something along the lines of following (as was apparently posted in one of their Pastebin posts).
We can’t call ourselves White Hat Hackers but we’re not Black Hat Hackers either…
Now, we decided to hack these sites for a reason…
These Websites are important, we understand that we harmed the victims and we’re sorry for that – we’re soon going to email them all the information they need to know about the penetrations we did.
We still think that what we did helped them, because right now they know that their Security is weak and that it should be fixed.
We wanted to gain the trust of others, people now trust us, we’re getting lots of emails from people we never knew, asking us to check their website’s security and that’s what we want to do.
Our goal was never to harm anyone, we want to make this whole internet world more secured because, simply, it’s not at all and we want to help.
We don’t want revolutions, we don’t want chaos, we just want to protect the people out there.
Websites are not secured, people are not secured, computers are not secured, nothing is…
We’re here to help and we’re asking nothing in exchange.
One can only wonder then why decide to publicly leak private data/documents instead of simply contacting the site administrators directly in private? Perhaps they believe they wouldn’t be taken seriously by the organizations otherwise? Or perhaps more likely that it wouldn’t have generated any media coverage? That it wouldn’t generate any notoriety? Either way, it will be interesting to see if more high profile sites are attacked by “The Unknowns” in the coming days/weeks and if they continue to publicly dump any private info gained.