The Hacker News Logo
Subscribe to Newsletter

Hacker leaks source code of NASA website belongs to US Government computer

A Hacker going by name - "LegitHacker97" claiming that he successfully access a NASA subdomain website , that actually belongs to a US Government computer, as mentioned on homepage.
***** WARNING *****
This is a US Government computer

Hacker also dump a 82.51 MB (compressed or 337 MB uncompressed) Archive five days ago on internet, includes the complete source code of the website (in ASP). After watching the pastebin note, we tried to contact the hacker for collecting more information about the hack.

Hacker describe The Hacker News via mail that,"This was hacked by a major LFI vulnerability which allowed me to upload my own shell (backdoor to the site) and I took advantage of it by downloading all off the website !". He add ,"But now vulnerability is fixed".
I download the dump from the link posetd by hacker in pastebin note and tried to match the files with NASA website and subdomains, and found that these file actually belongs to one of the NASA subdomain at as mentioned by hacker in mail to The Hacker News. But still, I was confused about , how hacker get into area where only authorized users can login.

After exploring more on internet, I found a article on SpaceRef that "NASA Space Launch System Technical Document Access" on NASA website at domain, but one need to request an account for accessing the documents from NASA's Contracting Officer McCollister at 

It can be possible that, Hacker social engineered the folks at NASA to get in and then found some Vulnerability to get access to server, because Social Engineering is the only weakest Link in Information Security and there is no patch for Human stupidity.

Stay tuned for more updates about the the hack !

Update: Hacker upload archive on few more file sharing sites as listed below:

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.