A Romanian hacker known as TinKode claims to have breached a computer
server at NASA's Goddard Space Flight Center and gained access to
confidential satellite data.

TinKode later posted a screenshot of what he said was a Goddard Space
Flight Center FTP server. The screenshot shows files that appear to be
connected with NASA's SERVIR program, which uses satellite data to
aid in disaster relief, health risk assessments and climate change and
biodiversity issues. The Network World story said that, after hacking
into servir.gsfc.nasa.gov, TinKode sent an email alert of the hack to
NASA's webmaster. His screenshot shows folders like RADARSAT, ASAR,
ASAR_Aus, ASAR_Africa, and ASAR_Haiti. ASAR is short for Advanced
Synthetic Aperture Radar, a technology used by NASA. Rob Gutro, deputy
news chief at the spaceflight center, located in Greenbelt, Md.,
confirmed "There was a breach in the NASA Goddard FTP site" but said it
actually took place in April. "The necessary steps were taken to protect
the infrastructure at that time," Gutro told SecurityNewsDaily, adding,
"NASA doesn't discuss the details of our IT security but remains vigilant
to secure the security of our sites." It's unclear how TinKode might
have busted into the space agency's website. Interviews with the grey-
hatted hacker, as well as his general modus operandi, suggest that he is
motivated more by intellectual curiosity than mischief. “I am
doing this because finding security holes represents a hobby for me. I
don't do bad things. I only find and make public the info. Afterwards I
send an email to them to fix the holes. It's like a security audit, but
for free,” TinKode told Network World. “TinKode is one of
a new breed of hacker, courting the media and announcing his successful
hacks via web postings and announcements on his Twitter account. The
good news is that the mysterious TinKode appears to be spurred on more by
the desire to embarrass organizations into tightening their web security
than financial motivation,” explains Graham Cluley, senior
technology consultant at Sophos. TinKode’s announcement of his
hack came just one day after the final launch of the NASA space
shuttle Endeavour before its retirement, and one month to the
day after TinKode allegedly hacked into the servers of the European
Space Agency. A month ago, TinKode exposed a similar security hole at
another space agency by hacking into a server operated by the
European Space Agency at www.esa.int. He then leaked a
list of FTP accounts, email addresses and passwords for
administrators and editors. TinKode did not publicly disclose the method
used to hack the ESA site. Early this year, TinKode, another hacker
called ‘Ne0h’, and another with the alias of
‘Jackh4x0r’, hacked into the Web servers
hosting MySQL.com, proving it was vulnerable to SQL injection as
well as XSS. MySQL.com is the main site for the open source database
product and a sister site to the French, German, Italian and Japanese
markets. NASA's Inspector General warned in March that security
shortcomings at the space agency left it open to defacement, denial of
service or information-stealing attacks. NASA executives promised to
tighten up security policies, a process that TinKode's exploit would
suggest is far from completion. This incident is sure to embarrass space
centre chiefs, especially since it comes only weeks after a negative
report on NASA's information security strategy. It is evident that
government departments and organizations need to take proper measures to
safeguard their network security and prevent information security breaches.
They need to implement robust information security initiatives, including
having a proficiently skilled IT security workforce, in order to avoid
cyber attacks and security breaches. IT security professionals can
increase their information security knowledge and skills by embarking on
advanced and highly technical training programs. EC-Council has launched
the Center of Advanced Security Training (CAST) to address the deficiency
of technically proficient information security professionals. CAST will
provide advanced technical security training covering topics such as
advanced penetration testing training, Digital Mobile Forensics,
Cryptography, Advanced Network Defense, and advanced application security
training, among others. These highly sought after and lab-intensive
Information Security training courses will be offered at all EC-Council-
hosted conferences and events, and through specially selected authorized
training centres.

About EC-Council

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that
certifies individuals in cybersecurity and e-commerce. It is the owner
and developer of 20 security certifications, including Certified Ethical
Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and
Certified Security Analyst/Licensed Penetration Tester (ECSA/LPT).
EC-Council’s Center for Advanced Security Training (CAST) was
created to address the need for highly technical and advanced security
training for information security professionals. CAST programs stand out
from others through their extreme hands-on approach. CAST offers programs
that cover important domains such as advanced penetration testing
training, malware analysis, advanced social engineering, cryptography,
digital forensics deep dive, and web application security training, among
others. EC-Council has trained over 90,000 security professionals and
certified more than 40,000 members. Its certification programs are
offered by over 450 training centers across 84 countries. These
certifications are recognized worldwide and have received endorsements
from various government agencies including the U.S. Department of
Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security
Agency (NSA) and the Committee on National Security Systems (CNSS).