Hacker group The Unknowns claims high ground in exposing security holes

New group takes credit for breaching NASA, U.S. military, and others with goal of forcing them to better protect themselves

A group of hackers called The Unknowns claims to have hacked the systems of 10 prominent organizations worldwide, including NASA and U.S. military branches, and to have posted the stolen data -- in the name of helping the victims to protect themselves.

The group published admin account and passwords for the targeted organizations earlier this week on Pastebin, including NASA, the U.S. Air Force, the European Space Agency, the Thai Royal Navy, Harvard, and the French Ministry of Defense. NASA and ESA have since confirmed they were hacked. NASA released the following statement: "NASA security officials detected an intrusion into the site on April 20 and took it offline. The agency takes the issue of IT security very seriously and at no point was sensitive or controlled information compromised."

ESA security office manager Stefano Zatti told ZDNet UK that "the group used SQL injection... The use of SQL injection is an admitted vulnerability. This needs to be addressed at a coding level."

The Unknowns have reported that many of the systems they've successfully hacked have since been secured: "And now, we are happy to inform you that most of the links we used to penetrate threw the databases, have been patched. This is exactly what we were looking for. This is what we want."

The Unknowns join a growing number of cyber vigilantes, including Anonymous; Goatse Security, which revealed thousands of email addresses of iPad users; and a Google engineer who exposed a Windows vulnerability because Microsoft was not acting quickly enough to patch it.

The group -- which says its members are neither black-hat nor white-hat hackers, but certainly not "Anonymous Version 2" -- claims to be motivated by a noble cause: exposing organizations' security holes in an effort to force the victims to improve their defenses.

Along with the stolen data, the group posted the following message to Pastebin: "Victims, we have released some of your documents and data, we probably harmed you a bit but that's not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two, the vulnerabilties we found will be patched and that's what we're actually looking for. We're ready to give you full info on how we penetrated threw [sic] your databases and we're ready to do this any time so just contact us, we will be looking forward for this."

The group has gone so far as to apologize to its victims, even while justifying its actions: "These Website are important, we understand that we harmed the victims and we're sorry for that -- we're soon going to email them all the information they need to know about the penetrations we did. We still think that what we did helped them, because right now they know that their security is weak and that it should be fixed."

The group is seeking public support to help further its mission and has provided an email address to make contact: "We wanted to gain the trust of others, people now trust us, we're getting lots of emails from people we never knew, asking us to check their website's security and that's what we want to do."

This article, "Hacker group The Unknowns claims high ground in exposing security holes," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

Copyright © 2012 IDG Communications, Inc.

How to choose a low-code development platform