White hat hacker exposes NASA servers’ vulnerabilities
A Romanian “white hat” hacker has claimed to have broken into a site of the National Aeronautics and Space Administration (NASA), and published a screenshot of the compromised server on his site.
White hat hackers are programmers who break into computer systems for the sake of exposing security flaws, instead of exploiting them for malevolent purposes.
In this case, “TinKode” hacked a file transfer protocol (FTP) server related to NASA’s Earth Observation System at Goddard Space Flight Center.
“I don’t do bad things. I only find and make public the info. Afterwards I send an email to them to fix the holes. It’s like an security audit, but for free,” TinKode said in an interview posted on NetworkWorld.
The NetworkWorld story said that, after hacking into servir.gsfc.nasa.gov, TinKode sent an email alert of the hack to NASA’s webmaster.
His screenshot shows folders like RADARSAT, ASAR, ASAR_Aus, ASAR_Africa, and ASAR_Haiti.
ASAR is short for Advanced Synthetic Aperture Radar, a technology used by NASA.
One month ago, TinKode exposed a similar security hole at another space agency by hacking into a server operated by the European Space Agency at www.esa.int.
He then leaked a list of FTP accounts, email addresses and passwords for administrators and editors.
Early this year, TinKode and hackers Ne0h and Jackh4x0r hacked into the Web servers hosting MySQL.com, proving it was vulnerable to SQL injection as well as XSS.
In the NetworkWorld interview, TinKode said making the breaches public makes the companies fix the vulnerability faster.
He also said finding security holes is a “hobby” for him.
“I am doing this because finding security holes represents a hobby for me. If someone wants to hire me, we can discuss, isn’t a problem,” he said.