Black Jester, the Sudanese hacker known for personally going to a United Nations office to inform them of vulnerabilities that affected one of their sites, returns. This time he managed to breach a subdomain owned by NASA, more precisely the one that belongs to Air Traffic Conflict Resolutions (airtrafficconflictresolutions .arc.nasa.gov).
“A lot of hackers hacked NASA in some way and leaked info or databases, so I thought that they have no security, so I found that domain unpatched for SQLI, and tried to exploit it. It’s just a shame for NASA not to patch their networks after all those incidents,” the hacker told us.
As a result of the hack, Black Jester leaked some sample information from their servers, just to prove that he gained access.
“The Pastebin document I made contains the target link, and the credential for the server with their hashed passwords so that skids don’t hack it immediately. Also the databases I got from the server,” he explained.
“I could do more damage but I think my point has been received. Also, just because it’s a sub-domain, that doesn’t mean they are protected.”
While on previous occasions he alerted companies to security holes that affected their public websites, this time he said that he didn’t notify them because he was disappointed with the way he was treated whenever he tried to help.
“Anyway, this attack has nothing to do with my previous attacks,” he added.
Currently, the affected NASA subdomain has been taken offline, but the hacker says that it was taken offline right after he breached it. This probably means that they’re currently working on addressing the issues that allowed Black Jester to gain unauthorized access.
Recently, the hacker also managed to breach a server belonging to Qwest Communications International, one of the largest telecoms companies in the US.