TinKode hacks into NASA servers, posts evidence of breach online

NASA Goddard centerA hacker with a history of breaking into high profile websites to expose poor security has claimed to have broken into an FTP site belonging to NASA’s Goddard Space Flight Center, based in Greenbelt, Maryland.

The serial hacker, who calls himself TinKode and is believed to hail from Romania, posted images on the web as supporting evidence of the hack.

Previous targets to have fallen at the hands of TinKode include the Royal Navy website and MySQL.com which succumbed (oh, the irony!) to an SQL injection attack.

Evidence of NASA hack

Sign up to our free newsletter.
Security news, advice, and tips.

TinKode is one of a new breed of hacker, courting the media and announcing his successful hacks via web postings and announcements on his Twitter account.

The good news is that the mysterious TinKode appears to be spurred on more by the desire to embarrass organisations into tightening their web security than financial motivation.

In an interview with Network World, TinKode compared his work to a free security audit:

Until now, no. I don't do bad things. I only find and make public the info. Afterwards I send an email to them to fix the holes. It's like an security audit, but for free.

Nevertheless, his actions are still against the law and he could face prosecution if brought to court. Others would be unwise to follow in TinKode’s footsteps.

Of course, prevention is always better than cure – and less embarrassing too. If you haven’t already done so, check out our free technical paper about “Securing websites”, which discusses common ways web servers are attacked and the various ways they can be protected.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.