Kosova Hacker’s Security group has revealed that they have hacked the US National Weather Service, and lifted the potentially sensitive data after exploiting a vulnerability in the weather.gov website. Weather.gov is run by the US National Weather Service, part of the National Oceanic and Atmospheric Administration (NOAA). NOAA is a unit of the US Department of Commerce in charge of providing “weather, water, and climate data, forecasts and warnings for the protection of life and property and enhancement of the national economy”. The hacker group took the credit of hacking by writing a long post on Pastebin, containing a stream of leaked data that includes a list of partial login credentials, and numerous system and network configuration files.

An interesting thing is that the leaked data does not include any scientific data, as opposed to the ClimateGate hack against the Climatic Research Unit (CRU) at the University of East Anglia back in November 2009. On the contrary, it contains administrative account names, which could open the hacked servers to subsequent brute force attacks against the accounts.

As reported by Kosova Hacker’s Security, they carried out the hacking in retaliation for American aggression against Muslim nations, including the Flame and Stuxnet malware attacks against the Iran nuclear program. The group intends to hack further U.S. government sites. As of now, the local file inclusion vulnerability has been patched and the weather.gov site remained up Thursday. However, at least one other vulnerability, a cross site scripting hole, was subsequently identified on the site.

“Hacktivisim is taking on many forms in our political climate,” says Kyt Dotson, editor of HackANGLE. “Attacking and taking data from a weather website is only one example of what we’ve seen happening–and increasing in rate–since 2010. Although it’s unlikely than any actual sensitive data beyond system information could have been taken from a website, it still means that individual front-facing web servers run by various government organizations need a look into.

“It’s more common for hacktivist groups to deface the websites they hit than just show that they managed to break in–this time they just threw up their bragging rights with a manifesto.”