The Daytime Astronomer on Hacking NASA
Our website got hacked. Astronomy sites are a popular target. It's safer to hack NASA than, say, the NSA. All the bragging but little of the risks.
Hacking NASA to get at 'inside stuff' is generally pointless. The whole purpose of NASA is to publically deliver what we do. All the good data and the best software gets openly released. Trying to hack NASA is like stealing twenty copies of the free local newspaper off the delivery truck. It's not only illegal, it's stupid, doesn't gain you anything, and takes more work then getting it the legit way.
One of our web guys posits that it's easy to detect hacking by just looking at the site, since hackers like to proclaim their success in big defacing text. He is, of course, dangerously wrong. Not all hackers do it for ego. Here's a different NASA hack incident from the past.
A NASA satellite mission website got hacked, subtly. They poisoned the links from the 'sponsoring universities and corporations' images at the bottom of the page. The images looked fine and the page looked just as it always did. But when you clicked on the links for the sponsoring companies, you were sent to a porn site instead of, say, Raytheon.com. So they were trying to hijack click-through traffic. I told a NASA webmaster about that and she came up with a quick way to scan via google to catch such hacks in the future.
I'm strangely comforted to learn that not all hackers are lame 1337 script-kiddies, and there is cleverness out there. But naturally I still prefer the security crowd and the white-hat hackers. If you're going to be clever, use it for better purposes, not just for yourself. That's the real challenge.
Alex, the daytime astronomer
Comments