Tag Archives: man-in-the-middle attack

Warning — Hackers can Silently Install Malware to Non-Jailbroken iOS Devices

Hard time for mobile phone users!

Just recently, two severe vulnerabilities in Qualcomm Snapdragon chip and Stagefright were spotted on the Android platform, affecting more than a Billion and Millions of devices respectively.

And now:

Hackers have discovered a new way to install malicious apps onto your iPhone without your interaction.

Researchers at Palo Alto Networks have uncovered a

NASA HACKED! AnonSec tried to Crash $222 Million Drone into Pacific Ocean

nasa-hacked-drone
Once again the Red Alarm had been long wailed in the Security Desk of the National Aeronautics and Space Administration (NASA).
Yes! This time, a serious hacktivism had been triggered by the Hacking group named “AnonSec” who made their presence in the cyber universe by previous NASA Hacks.
The AnonSec Members had allegedly released 276 GB of sensitive data which includes 631 video feeds from the Aircraft & Weather Radars; 2,143 Flight Logs and credentials of 2,414 NASA employees, including e-mail addresses and contact numbers.
The hacking group has released a self-published paper named “Zine” that explains the magnitude of the major network breach that compromised NASA systems and their motives behind the leak.

Here’s How AnonSec Hacked into NASA

The original cyber attack against NASA was not initially planned by AnonSec Members, but the attack went insidious soon after the Gozi Virus Spread that affected millions of systems a year ago.
After purchasing an “initial foothold” in 2013 from a hacker with the knowledge of NASA Servers, AnonSec group of hackers claimed to pentested the NASA network to figure out how many systems are penetrable, the group told InfoWar.
Bruteforcing Admin’s SSH Password only took 0.32 seconds due to the weak password policy, and the group gained further indoor access that allowed it to grab more login information with a hidden packet sniffing tool.
They also claimed to infiltrate successfully into the Goddard Space Flight Center, the Glenn Research Center, and the Dryden Research Center.

Hacker Attempted to Crash $222 Million Drone into the Pacific Ocean

Three NAS Devices (Network Attached Storage) which gathers aircraft flight log backups were also compromised, rapidly opening a new room for the extended hack:
Hacking Global Hawk Drones, specialized in Surveillance Operations.
Hackers have tried to gain the control over the drone by re-routing the flight path (by Man-in-the-Middle or MitM strategy) to crash it in the Pacific Ocean, but…
…the sudden notification of a security glitch in the unusual flight plan made the NASA engineers to take the control manually that saved their $222.7 Million drone from drowning in the ocean.
This hacking attempt had happened due to the trivial routine of drone operators of uploading the drone flight paths for the next fly, soon after a drone session ends.
After this final episode, AnonSec lost their control over the compromised NASA servers and everything was set to normal by NASA engineers as before.
This marked the attack’s magnitude at a steep height by infecting into other pipelines of NASA, leading to this nasty situation.

However, in a statement emailed to Forbes, NASA has denied alleged hacking incident, says leaked information could be part of freely available datasets, and there is no proof that a drone was hijacked.

“Control of our Global Hawk aircraft was not compromised. NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data. NASA takes cybersecurity very seriously and will continue to fully investigate all of these allegations.”

Why Did AnonSec Hack into NASA?

If you are going to point your fingers against the AnonSec Hackers, then Wait! Here’s what the group of hackers wants to highlight:

“One of the main purposes of the Operation was to bring awareness to the reality of Chemtrails/CloudSeeding/Geoengineering/Weather Modification, whatever you want to call it, they all represent the same thing.” 

“NASA even has several missions dedicated to studying Aerosols and their affects (sic) on the environment and weather, so we targeted their systems.”

And Here’s What NASA was actually doing:
  • Cloud seeding: A weather alteration method that uses silver iodide to create precipitation in clouds which results to cause more rainfall to fight carbon emission which ultimately manipulates the nature.
  • Geoengineering: Geoengineering aims to tackle climate change by removing CO2 from the air or limiting the sunlight reaching the planet.
Similar projects are running on behalf of the US Government such as Operation Icebridge [OIB], Aerosol-Cloud-Ecosystem (ACE) which are dedicated to climate modeling.
This security breach would be a black label for the Security Advisory Team of NASA and became a warning bell to beef up the security.

Critical OpenSSH Flaw Leaks Private Crypto Keys to Hackers

A ‘Serious’ security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol.

The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys, potentially exposing users to Man-in-the-Middle (MITM) attacks.

What Causes the Flaw to occur?

Cisco Jabber Client Vulnerable to Man-in-the-Middle Attack

Researchers at Synacktiv have disclosed a vulnerability in the Cisco Jabber Client for various platforms that exposes devices to man-in-the-middle attacks.

Novel NTP Attacks Roll Back Time

Researchers at Boston University have published new attacks against the Network Time Protocol (NTP) that jeopardize the security of numerous online activities.

Manipulating WSUS to Own Enterprises

Researchers at Black Hat found a weak spot in some WSUS configurations that could allow an attacker to compromise any server or desktop in an enterprise.