A hacker with a history of breaking into high profile websites to expose poor security has claimed to have broken into an FTP site belonging to NASA’s Goddard Space Flight Center, based in Greenbelt, Maryland.
The serial hacker, who calls himself TinKode and is believed to hail from Romania, posted images on the web as supporting evidence of the hack.
Previous targets to have fallen at the hands of TinKode include the Royal Navy website and MySQL.com which succumbed (oh, the irony!) to an SQL injection attack.
TinKode is one of a new breed of hacker, courting the media and announcing his successful hacks via web postings and announcements on his Twitter account.
The good news is that the mysterious TinKode appears to be spurred on more by the desire to embarrass organisations into tightening their web security than financial motivation.
In an interview with Network World, TinKode compared his work to a free security audit:
Until now, no. I don't do bad things. I only find and make public the info. Afterwards I send an email to them to fix the holes. It's like an security audit, but for free.
Nevertheless, his actions are still against the law and he could face prosecution if brought to court. Others would be unwise to follow in TinKode’s footsteps.
Of course, prevention is always better than cure – and less embarrassing too. If you haven’t already done so, check out our free technical paper about “Securing websites”, which discusses common ways web servers are attacked and the various ways they can be protected.