The website of the European Space Agency (ESA) has been hacked, and a list of FTP accounts, together with email addresses and passwords for administrators and editors, has been leaked. The www.esa.int web server was compromised by a well-known Romanian grey hat hacker who uses the online moniker TinKode.
The hacker posted details of the compromise on his blog in full-disclosure style, but did not reveal the method he used.
The published data includes FTP accounts for a range of ESA subsites, with passwords in cleartext. FTP itself sends credentials unencrypted, so such accounts are exposed to anyone who can observe the traffic, quite apart from this leak.
A list of database users with hashed passwords was also disclosed, together with the SHA1-hashed server root password. Whether the hashes were salted is not stated; either way, SHA-1 is a fast hash, so a leaked hash of a weak or dictionary password can be recovered by offline guessing in little time.
The site administrator and editor credentials were exposed in plaintext, as were email addresses and passwords for website user accounts.
Those passwords were in readable form, although TinKode partially masked them before publishing. There is also a list of associated proxy user names and passwords.
At the time of writing, the www.esa.int website remains online, so it is not clear whether the agency was alerted to the compromise in advance. TinKode is known for exposing vulnerabilities in high-profile websites, the most recent being an SQL injection flaw in MySQL.com.
His past targets include Sun Microsystems (now part of Oracle), the Royal Navy, the U.S. Army and Kaspersky Portugal. ESA is not even TinKode's first space agency: he previously compromised several NASA websites.
His full-disclosure style can sometimes lead to abuse. For example, an XSS vulnerability he revealed in YouTube's commenting system went on to be exploited by 4chan users to harass Justin Bieber fans.
We have sent a message to several European Space Agency email addresses, including one for media contacts, informing them of the compromise and asking for an official statement. We will return with more info when and if we obtain it.
Update 1, April 18th, 2011: We learned that the hack was intended to mark the anniversary of the Apollo 13 crew's safe return to Earth on April 17, 1970, after the mission's lunar landing had to be aborted. The hacker leaked 13 FTP accounts, matching the mission's number.
Update 2, April 18th, 2011: An ESA spokesperson informed us that the agency's main website was not affected by this attack, and neither was its internal network. Instead, the official said, the hacker compromised several Internet-facing FTP servers used by researchers from partner organizations to exchange data.
"The affected servers have been taken offline, security tightened, and the affected parties notified," the spokesperson told us. The systems will not be brought back online until the agency's IT experts are satisfied with their security.