A security hole in a server at NASA’s Goddard Space Flight Center exposed data related to a satellite-based Earth observation system used to aid in disaster relief, a hacker has revealed.
The hacker, who uses the handle “Tinkode” published a screen capture from what he claims is an FTP (File Transfer Protocol) server at NASA’s Goddard Center. The hack comes one month after the same hacker exposed a similar hole in a server operated by the European Space Agency.
The screenshot from the server at the Goddard Space Center shows a directory tree from the server, servir.gsfc.nasa.gov, which appears to connect with NASA’s SERVIR program. It is not clear what the purpose of the server is or the nature of the security hole exploited by Tinkode.
SERVIR is a joint program between NASA, USAID, CATHALAC and other non profit groups that uses data from land based radar and geosynchronous satellites to aid in natural disaster analyses, environmental monitoring, health risk assessments, and issues related to climate change and biodiversity.
The server directory screenshot posted by Tinkode includes folders with names like ASAR_Africa and ASAR_Haiti. ASAR is an acroynm standing for Advanced Synthetic Aperture Radar, one of the technologies that contribute data to the SERVIR program.
The individual known as “Tinkode” is a Romanian hacker linked to other noted breaches. In March, he was one half of a team that breached the security of MySQL.com, the Web site for the open source database product. In April, he published the names and email addresses of European Space Agency employees after compromising a server operated by that agency.