Anonymous has decided to go after NASA because they believe NASA is hiding critical information from the public, and they want NASA to release it. The attack started on Sunday night and was carried out by two groups, New World Hacking and AnonCorruption, which hit NASA's main website and email servers with a Distributed Denial of Service (DDoS) attack.
The hacker group believes NASA is withholding critical information about the ISIS group from the public, but the group fails to provide any details about this secret. According to one member of the New World Hacking group, “We believe NASA is holding back information on many things, not just one.” The member goes on to say, “We won’t tell the public what we think they are hiding – we will let NASA explain.”
The attack was part of a larger campaign called Operation Censorship, and according to the group the attack on NASA was just a trial run. They plan to launch a larger attack on April 1st, this time targeting Donald Trump.
NASA didn’t offer any information on the attack, but according to the group, they were able to affect the website and email services. At this point, it is hard to tell how the attack will lead to the release of any information. Furthermore, NASA tolerated the attack well thanks to the DDoS protection that covers its entire network. DDoS attacks are being used as a form of citizen protest, but DDoS protection providers like Psychz, Staminus, Incapsula and others are able to mitigate large attacks and are staying a step ahead. These attacks are giving rise to a market, just as malware and viruses gave rise to the anti-virus market.
By now everyone is aware that Staminus was hacked and that its database, including client and infrastructure information, was dumped. Staminus is a DDoS protection provider that went offline on Thursday, and as of today the site is still displaying a message from the CEO. While the website was offline, the hackers were publishing the stolen database online, and some clients have verified that their information is in the database. The hackers didn’t just steal the database; they also took the entire Staminus network offline by resetting the routers to their factory default settings. In the release, the hackers put out some "security tips" that will make every system admin wonder about the kind of people who were running Staminus. Below you will find the list:
- Use one root password for all the boxes
- Expose PDU’s [power distribution units in server racks] to WAN with telnet auth
- Never patch, upgrade or audit the stack
- Disregard PDO [PHP Data Objects] as inconvenient
- Hedge entire business on security theatre
- Store full credit card info in plaintext
- Write all code with wreckless [sic] abandon
I understand one might ignore the PHP object or using SIC, but why would anyone use one root password for all servers? Furthermore, it makes no sense to expose the PDUs to WAN access. It is commonly understood that, with enough time and effort, everything is hackable. When it comes to security, it is crucial to put in place measures that block or limit access. The backend should never be exposed; it should be kept on a private network or limited to restricted IP addresses. I am sure the guys at Staminus are trying to restore things, and hopefully they have a backup of everything.
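As an added example (not from the article or from Staminus), the following Python audit checks a host inventory for three of the anti-patterns in the list above: a cleartext admin protocol such as telnet, an admin service listening outside the management network, and the same root password hash appearing on several boxes. The inventory, the 10.20.0.0/16 management network and the service names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory for illustration (not data from the Staminus breach).
# Each record: hostname, address, listening services (port -> name) and the
# root entry's password hash as it would appear in /etc/shadow (None = n/a).
INVENTORY = [
    {"host": "pdu-rack01", "addr": "203.0.113.10", "services": {23: "telnet"}, "root_hash": None},
    {"host": "pdu-rack02", "addr": "10.20.0.12", "services": {22: "ssh"}, "root_hash": None},
    {"host": "web01", "addr": "203.0.113.21", "services": {80: "http", 22: "ssh"},
     "root_hash": "$6$samesalt$HASHVALUE-A"},
    {"host": "web02", "addr": "203.0.113.22", "services": {80: "http"},
     "root_hash": "$6$samesalt$HASHVALUE-A"},
    {"host": "db01", "addr": "10.20.0.30", "services": {3306: "mysql"},
     "root_hash": "$6$othersalt$HASHVALUE-B"},
]

# Assumed management network: the only place admin interfaces may listen.
MGMT_NET = ipaddress.ip_network("10.20.0.0/16")
MGMT_SERVICES = {"telnet", "ssh", "snmp", "ipmi"}
CLEARTEXT_SERVICES = {"telnet"}


def audit(inventory, mgmt_net=MGMT_NET):
    """Return sorted (host, finding) pairs for the anti-patterns checked here."""
    findings = []
    hosts_by_hash = defaultdict(list)
    for rec in inventory:
        addr = ipaddress.ip_address(rec["addr"])
        for port, svc in rec["services"].items():
            if svc in CLEARTEXT_SERVICES:
                findings.append((rec["host"], f"{svc}/{port}: cleartext admin protocol enabled"))
            if svc in MGMT_SERVICES and addr not in mgmt_net:
                findings.append((rec["host"], f"{svc}/{port}: admin service on {addr}, outside {mgmt_net}"))
        if rec["root_hash"]:
            hosts_by_hash[rec["root_hash"]].append(rec["host"])
    # An identical salt+hash on several hosts means one root password was cloned
    # onto all of them. The same password under different salts is not caught
    # here; that would need a crypt() comparison against a candidate list.
    for hosts in hosts_by_hash.values():
        if len(hosts) > 1:
            findings.append((",".join(sorted(hosts)), "identical root password hash (shared root password)"))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in audit(INVENTORY):
        print(f"{host}: {finding}")
```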