European Space Agency Breach Leaks Security Details

By Matthew Broersma

Hackers have released thousands of login credentials and other data from the Web servers of the European Space Agency (ESA) following a breach of several of the agency’s Internet domains on Monday.

The hackers, who are part of the Anonymous collective, posted the data in three separate dumps on JustPaste.it, a code-sharing Website. One of the files contains names, emails and unencrypted passwords for more than 8,000 users.

Personal Details

Another file includes full names, fax numbers, telephone numbers, addresses, email addresses and organization names for hundreds of researchers or supporters collaborating with the agency. A third file lists database details and technical information related to Web servers.

The files specify that they were taken from the ESA domains due.esrin.esa.int, exploration.esa.int and sci.esa.int. Each file lists “Motivation: Lulz” as the inspiration for the attack. “Lulz” is a slang term for “laughs”.

One of those involved in carrying out the attack confirmed to hacker news Website HackRead that the incident was staged “because Xmas is coming and we had to do something for fun so we did it for the lulz.”

The hackers reportedly used a blind SQL vulnerability to breach the site and gain access to the ESA’s database.

UN, WTO Hacks Linked

The attack was reportedly carried out by the same individuals responsible for a breach of the Website of the United Nations Framework Convention on Climate Change, which leaked the personal details of 1,415 officials, and a hack of the World Trade Organization, which leaked the organization’s database and WTO members’ personal details.

The ESA is preparing on Tuesday morning to launch a Soyuz spacecraft that will see three astronauts carried to the International Space Station, including Major Tim Peake, the first ESA astronaut in space.

Peake, along with American Tim Kopra and Russian Yuri Malenchenko, are to spend six months aboard the ISS.