Approximately 200 usernames, passwords and email addresses related to the European Space Agency were posted by a hacker under the name TinKode on his blog on April 17. The post also included details on other servers and databases that were compromised.
TinKode posted login credentials to several systems, logs and Apache server configuration files. The passwords were partially hidden, but the proxy usernames and passwords were included. TinKode did not disclose the attack method.
Some of the email addresses appear to be linked to the CERN science institute which deals with the European Organization for Nuclear Research, the ESO, BAE defense systems, and various universities. The ESA logs include calibration sources, instruments, maneuvers, satellite activities, mission events, anomalies, and environmental details.
The space agency has confirmed the incident, but downplayed the impact, saying the systems were “less sensitive” and used to share scientific data between ESA and its partners. The FTP servers affected were used to exchange astronomical data, such as ice-shelf thickness readings from satellite sources.
Neither the agency’s main website nor its internal network was affected by the attack. The FTP servers have been taken offline and all login credentials reset. The FTP servers will not be back online until all security checks are complete, an ESA spokesperson said.
The motivation behind the attacks remains unclear. It may be just bragging rights, or it may have been an anniversary. TinKode referenced Apollo 13 and April 17, 1970 at the end of the post. On that date, the Apollo 13 crew returned safely to Earth after failing to land on the moon. TinKode also leaked login credentials for 13 FTP accounts.