European Space Agency Confirms FTP Server Hack

A hacker has breached the FTP servers at the European Space Agency (ESA) and posted usernames and passwords online.

Romanian hacker TinKode, who attacked the Royal Navy website last year, claimed on his blog that he had penetrated the European Space Agency (ESA), and published online an estimated 200 usernames passwords. The ESA confirmed the hack to eWEEK Europe UK.

ESA Confirmation

Speaking to eWEEK Europe UK, a spokesman for the ESA confirmed the hack took place, but said that it had not compromised the main website of the ESA, but rather a number of its FTP servers used to communicate with business and scientific partners.

“The main website was not compromised,” explained the ESA spokesman. “We have some B2B FTP servers that are used to exchange information and data with outside experts and institutions, and some of these FTP servers were hacked into.”

“A list of valid user names and passwords were published,” said the spokesman, who said that according to the IT department of ESA, Tinkode used a form of a SQL injection attack to gain access to the FTP servers.

“All these FTP servers have now been disconnected and taken offline, and all of their credentials updated and reset,” said the ESA. “We have also alerted all users to the attack and told them to change their passwords and to report any usual activity on their accounts.”

“I would like to stress that this attack did not affect our main website, but some of our FTP servers, that are used to exchange mission and space-related data with scientific experts. We co-operate with a lot of institutions around Europe on this this.”

Other Attacks

Last November TinKode broke into the main website of the Royal Navy (www.royalnavy.mod.uk) and revealed people’s usernames and administrator passwords, an action which forced the Navy to suspend its website for many days.

In January, Imperva revealed that several major military and government websites had been hacked and were up for sale on underground forums for just over £300.

And Symantec recently warned that 2010 was the year when targeted attacks got serious, and that targeted cyber attacks are the rise.

Last month for example the European Government was forced to shut off remote access to email during a five-day long cyber-attack on the EU Parliament’s network.

In November, the Armed Forces minister Nick Harvey called for the UK to have the ability to strike back at those conducting cyberwarfare campaigns, and he outlined the UK’s plans to defend themselves against online threats.

The issue of hacking has been very much in the spotlight of late, with attacks ranging from Epsilon, Play.com, and TripAdvisor, dominating headlines.

Meanwhile, today, the Ministry of Defence has shown that security breaches do not need an outside hacker, as it accidentally published secret information on the safety of nuclear submarines, by an elementary error in redacting information on a document.