Official website of NASA defaced by Prosox

The website of CERES (Clouds and the Earth’s Radiant Energy System) of the National Aeronautics and Space Agency (NASA) was hacked approximately 9:00 p.m. last September 17, 2017. CERES is an organization under NASA which conducts experiments focused on the role of clouds and energy cycle in global climate change.

The website, under the subdomain “https://ceres.larc.nasa.gov/”, was apparently defaced by the hacker under the name of “Prosox”. The said hacker have also previously infiltrated a number of government websites this month, ranging from Columbia and Ukraine, and it seems that his consecutive hacking activities have now reached the U.S. cyber territory.

The hacker Prosox left a particularly long message on the site, expressing resentment towards people for doubting his hacking skills. The message also mentioned the name of “Akuma,” which accordingly, is the hacker’s friend. Prosox had also posted a link of a twitter account claiming to be his own.

While the message portrays that NASA CERES website became only an instrument of the attacker’s display of hacking skills, NASA’s web administrators are yet to find out whether there is a different motive behind this recent cyber-attack

Up to this date, the website, as well as the NASA domain (https://nasa.gov/) are still down and inoperational. It is uncertain whether the domain is hacked as well. The mirror of the hacked web page can be viewed at zone-h website.

The hacked NASA CERES webpage displayed a message as shown in the following image:

A portion of the screenshot of the NASA CERES defaced website.
Meanwhile, shown is the full text of the message the hacker Prosox posted on the NASA CERES website:

Hello there, I am Prosox.

I’ve been tired of folks acting on my back, judging my skills according to my appearance, those people can squeal it: “Prosox is defacing, he is a script kiddie”.

However, those people are really sad persons, and I would not surprised they all end up with a banana thrown in their anus

If for you, real hackers and security researchers are Troy Hunt the “web security expert” (who probably years ago was still an SQL injection skid) and people who think are allowed to despise and put a stick on a young person, only for what they appears to be, seems really dumb.

Indeed, the mutual respect between each other in the security community is really shameful nowadays…

I have nothing to proove, I can admit defacing is childish to some extent, but keep talking, with your heap overflow and return to libc shellcode building articles, you never broke something. You can’t claim you’re skilled, I really can’t understand such injustice towards me…

This Hack : Once again a small hole in a system containing terabytes of code, or seriously something ? I compromised a whole NASA server, whereas a lot of niggers failed to achieve this, all they found is at best an SQL injection. I do have experience reviewing PHP codes seeking for flaws, this hack was, in my opinion, clean, because it took me time to find the hole in their known “CMS” only by reviewing the open source code.

 

Manny Cuevas

My name is Manny Cuevas a Security Researcher / Engineer for about 15 years that focuses on Web and Mobile applications and other platforms from the Island of Sulu, Philippines. I’m also a scientist, inventor and a top ranked hacker in the world that bypass all security systems.

 

Leave a Reply

Your email address will not be published. Required fields are marked *