Hackers have breached servers belonging to the US National Weather Service by exploiting a vulnerability in the weather.gov website, releasing sensitive data from the government systems.
A post on pastebin.com by a group identifying itself as “Kosova Hacker’s Security” took credit for the hack and posted lists of files allegedly copied from the servers as proof.
The group exploited a local file inclusion vulnerability on the weather.gov servers, according to information in the Pastebin document, which said the attack was in retaliation for American aggression against Muslim nations, including cyber attacks.
The leaked information includes a listing of administrative account names, which could expose the hacked servers to subsequent brute-force attacks against those accounts.
“They hack our nuclear plants using STUXNET and FLAME like malwares, they are bombing us 27*7, we can’t sit silent – hack to payback them,” The Hacker News (THN) reported the hackers as saying.
The local file inclusion vulnerability was patched and the weather.gov site remained up Thursday. However, at least one other vulnerability, a cross-site scripting hole, was subsequently identified on the site.
Little is known about the group claiming responsibility for the attack. However, they allege that the weather.gov hack was just one of many US government hacks the group had carried out and that more releases are pending.
Attacks against government systems and banks are raising alarms in the U.S. and elsewhere.
US Secretary of Defense Leon Panetta invoked the image of a “digital Pearl Harbor” in a speech last week, warning that the country is as unprepared for a large-scale cyber attack as it was for the 9/11 terrorist attacks.