February 03, 2003, 4:35 PM — Making a tragic day even worse, several servers at NASA's Jet Propulsion Laboratory (JPL) were broken into on Saturday by a group of hackers protesting U.S. policy in the Middle East.
Web pages hosted on those servers were replaced with pages displaying a political message critical of U.S. policy in Iraq, according to a report by UK security company mi2g Ltd. and confirmed by a National Aeronautics and Space Administration (NASA) spokesman.
"All I can tell you is that over the weekend several servers at the Jet Propulsion Laboratory were broken into and Web pages were replaced with pages containing political messages, " said Brian Dunbar, a NASA spokesman.
The digital attacks on nine of the JPL's servers occurred at just past 2 p.m. Pacific Time (22:00 GMT) on Saturday evening and lasted for more than one and a half hours. The targeted servers supported the jpl.nasa.gov Web site and were running Sun Microsystems Inc.'s Solaris operating system, according to mi2g.
Dunbar declined to provide specific details about how many or what kind of servers were targeted, but said the affected machines were taken offline for about five hours following the attack.
The source of the attacks was a group of hackers that called themselves "Trippin Smurfs," according to mi2g. The origin of that group was being investigated, according to mi2g.
The hackers replaced JPL Web site content with a message that read, in part:
"I noticed that a war with Iraq is iminent...and i wonder why?!...When is this going to stop? Why does U.S. attack Iraq?"
NASA would not indicate whether other information stored on the servers was tampered with or stolen.
"We don't go into that level of detail on security breaches," Dunbar said.
Despite occurring hours following the disintegration of the space shuttle Columbia as it reentered Earth's atmosphere on Saturday morning, there was no mention of the disaster in the message posted by the hacker group. It was unclear whether the attack was prompted by the crash.
Also unclear are links between Trippin Smurfs and fundamentalist hacker groups such as the pro-Islamic hacker group Unix Security Guard, according to mi2g.
Mi2g became aware of the attack after monitoring messages posted on bulletin boards used by various hacker groups, according to Jan Andresen of mi2g's Intelligence Unit.
Dunbar declined to comment on whether the attack might have been linked to the Columbia disaster, but said that NASA and the JPL are common targets for hackers.
Although not unprecedented, successful attacks in which hackers are able to compromise NASA computers are "rarer and rarer." The agency did suffer similar Web site defacement in 1997, according to Dunbar.
NASA is working with law enforcement to track down the perpetrators of this weekend's attack. That investigation will start with NASA's Office of Inspector General, but may expand to include the U.S. Federal Bureau of Investigation, according to Dunbar.
Unrelated reports of broken links and missing pages on NASA's home page, www.nasa.gov, were the product of a recent overhaul of the agency's Web page and efforts to deal with a flood of traffic following the Columbia disaster, not evidence of further attacks, Dunbar said.
NASA launched an updated Web site at midnight on Friday, switching from a single Web server housed in the basement of NASA's headquarters to a more robust Web site infrastructure managed by AT&T Corp., according to Dunbar.
While the move enabled the agency to handle the more than 100 million hits to its Web site in the hours following the loss of the first space shuttle in 17 years, links to some archived Web site material on an FTP server managed by NASA need to be touched up, according to Dunbar.
