NEWS
NEWS
NEWS
Cybercriminals Hack US National Weather Service
Kosova Hacker’s Security group has revealed that they have hacked the US National Weather Service, and lifted the potentially sensitive data after exploiting a vulnerability in the weather.gov website. Weather.gov is run by the US National Weather Service, part of the National Oceanic and Atmospheric Administration (NOAA). NOAA is a unit of the US Department of Commerce in charge of providing “weather, water, and climate data, forecasts and warnings for the protection of life and property and enhancement of the national economy”. The hacker group took the credit of hacking by writing a long post on Pastebin, containing a stream of leaked data that includes a list of partial login credentials, and numerous system and network configuration files.
An interesting thing is that the leaked data does not include any scientific data, as opposed to the ClimateGate hack against the Climatic Research Unit (CRU) at the University of East Anglia back in November 2009. On the contrary, it contains administrative account names, which could open the hacked servers to subsequent brute force attacks against the accounts.
As reported by Kosova Hacker’s Security, they carried out the hacking in retaliation for American aggression against Muslim nations, including the Flame and Stuxnet malware attacks against the Iran nuclear program. The group intends to hack further U.S. government sites. As of now, the local file inclusion vulnerability has been patched and the weather.gov site remained up Thursday. However, at least one other vulnerability, a cross site scripting hole, was subsequently identified on the site.
“Hacktivisim is taking on many forms in our political climate,” says Kyt Dotson, editor of HackANGLE. “Attacking and taking data from a weather website is only one example of what we’ve seen happening–and increasing in rate–since 2010. Although it’s unlikely than any actual sensitive data beyond system information could have been taken from a website, it still means that individual front-facing web servers run by various government organizations need a look into.
“It’s more common for hacktivist groups to deface the websites they hit than just show that they managed to break in–this time they just threw up their bragging rights with a manifesto.”
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
