Anonymous, a famous hacking group, claims to have compromised the European Space Agency (ESA). According to the group, the hack exposed personal information including emails, names and passwords. The group performed the hack as a ‘prank’ ahead of the Christmas holiday, targeting ESA’s sub-domains. This hack should be a warning to the 8,000 people whose personal information was revealed.
At this time, ESA has not confirmed the claim, and there is no way of verifying the claims of Anonymous. The group claims that the exposed data was sourced from due to.esrin.esa.int and sci.esa.int.exploration.esa.int, which are all ESA’s subdomains. Both of these domains state the motive of the hack to be “Lulz”, a variant of “laugh out loud” (LOL).
The exposed data was categorized into three files: ESA supporters and researchers, registered schemas, and the website’s database. The registered schemas file and the ESA researchers and supporters file had vital personal information of users and their organizations. In fact, one file, ‘c4_subscriber’, has around 8,000 emails, contact details, and passwords. Surprisingly, most of the passwords had only three characters.
Anonymous performed the hack for fun. Analyses by experts show that 39% of the exposed passwords were 3-character passwords (combinations of three figures). The second-biggest group was the 8-character passwords, which were used by 16% of people. Most of these were easy to predict, since they were passwords such as rainbow1, pa$$word and 12345678.
“It is about Christmas, and we thought of doing something crazy and fun. We thought of the message Lulz.”
The group found it very easy to compromise the sub-domains of ESA; the agency’s database was poorly encrypted. The hack can be seen as proof that the agency should do something to secure the data of its clients, employees and supporters.
Anonymous used blind SQL injection to access the agency’s database. The breach through SQL injection revealed just about everything. The group was only trying to be considerate by releasing only the contacts; they could have exposed worse information.
Anonymous is a well-equipped group when it comes to hacking know-how. Nevertheless, ESA’s security system was very weak. The simplicity of the hack tells it all. The group declared war on ISIS, but hacking ESA seems to be a case of misplaced priorities.
Top/Featured Image: By Stephen C. Webster / Flickr