Date: Jan 2013

Location: United States of America

Summary

A group of hackers known as AnonSec claimed unauthorized access to NASA systems, exfiltrating employee personal information, raw aerial footage from climate research missions, and flight data logs. The attackers alleged partial control of an agency drone in an unsuccessful attempt to crash it, though NASA denied both the breach impact and compromise of aircraft systems. Initial access reportedly originated from purchased credentials to a system previously infected with Gozi malware, enabling lateral movement to backup drives containing operational data. While the hackers framed the intrusion as exposing geoengineering activities, independent analysis suggested the compromised systems were unclassified internet-facing assets, and the leaked materials primarily consisted of publicly available or routine mission recordings without sensitive content.


Description

In February 2016, the hacker group AnonSec publicly claimed to have infiltrated NASA systems, exfiltrating approximately 250 GB of data—though they asserted possessing up to 1 TB—and attempting to interfere with an unmanned aircraft. The breach reportedly began when AnonSec purchased access to a NASA system previously compromised by the Gozi malware in 2013. After gaining initial entry, the hackers described moving laterally within the network until accessing three backup hard drives belonging to NASA employee Eric Jensen. These drives allegedly contained 8 hours of previously unreleased raw flight footage from NASA’s Global Hawk drone fleet, 10 GB of flight data logs tied to climate research missions (including Operation IceBridge and the Airborne Tropical Tropopause Experiment), and personal information for over 2,400 employees, including names, phone numbers, and email addresses. AnonSec also claimed to have altered a flight path file for a Global Hawk drone in an unsuccessful attempt to crash it into the ocean, though they acknowledged losing network access shortly after this action, which they attributed to heightened security measures or their own operational errors.

NASA categorically denied the severity of the claims, stating no aircraft control systems were compromised and characterizing the leaked data as publicly available information. Agency spokesperson Allard Beutel did not address discrepancies regarding the flight footage’s prior public availability. Independent analysis by cybersecurity expert Dan Guido suggested AnonSec likely breached peripheral, internet-connected NASA systems hosting unclassified data but exaggerated their access to critical infrastructure. The dumped data, verified as authentic by external reviewers, primarily consisted of routine operational records—aerial footage of Arctic surveys, maintenance operations, and radar telemetry—with no evidence supporting AnonSec’s ancillary claims about NASA conducting clandestine geoengineering ("chemtrail") projects. The incident highlighted existing vulnerabilities, as NASA had previously disclosed Cryptolocker infections on its systems in 2015. AnonSec’s manifesto and communications revealed no coherent motive beyond opportunistic intrusion, with one administrator citing recreational intent and substance use during the operation. No further data leaks or follow-up actions by the group were documented after the initial February 2016 disclosure.
