Security Experts:

Hacker Group Comes Out of Nowhere to Launch Attacks Against Government Networks

A hacker group going by the name “The Unknowns” is gaining attention for a string of attacks against government and private networks, which started back in March. However, there are questions as to whether or not their recent actions could lead to their downfall.

The Unknowns, as the group refers to themselves, entered the public’s eye a few weeks ago, and since then they have claimed credit for attacks against Oak Ridge National Labs, NASA, the European Space Agency, the French Ministry of Defense, the U.S. Air Force, Harvard, Bahrain’s Ministry of Defense, a French radio station, and the Jordanian Yellow Pages.

One of the most recent attacks included the defacement of Oak Ridge National Labs’ DAAC portal. According to ORNL, the Distributed Active Archive Center (DAAC) “...provides data and information relevant to biogeochemical dynamics, ecological data, and environmental processes, critical for understanding the dynamics relating to the biological, geological, and chemical components of Earth's environment.”

The attack, according to the group’s public face (who is known as Zyklon B), was successful in part thanks to a PHP shell uploaded to the webserver, which was only possible after a staffer at ORNL fell victim to social engineering via email. We’ve reached out to ORNL for a statement. At the time this article went to press, no one was available for comment.

Last week, NASA acknowledged that The Unknowns had targeted a website hosted at the Glenn Research Center. That hack centered on the Interagency Advanced Power Group, and resulted in the loss of 307 records that were taken from a compromised database. However, the records lost and the other information housed on the server were not critical, NASA said.

“NASA security officials detected an intrusion into the site on April 20 and took it offline. The agency takes the issue of IT security very seriously and at no point was sensitive or controlled information compromised,” a spokesperson for the agency said in a statement.

Likewise, the European Space Agency confirmed that an SQL Injection vulnerability was the root cause for their Unknowns-based attack problems, but added that nothing of importance was compromised.

The U.S. Air Force however, has suffered the most at the hands of The Unknowns, after more than 200MB of Official Use Only documents were leaked by the group. The documents were taken from the USAF’s auxiliary Civil Air Patrol.

In terms of justification, The Unknowns are keeping things simple according to public statements.

“Victims, we have released some of your documents and data, we probably harmed you a bit but that's not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two, the vulnerabilties [sic] we found will be patched and that's what we're actually looking for,” a statement explains.

"The Unknowns" Hack Government SitesOn Twitter, the group mentioned that they will be emailing their victims and informing them how the attacks took place, and sharing additional information in order to help them. While it seems noble, it is unlikely that any of the victims will want the help, and most will be looking to involve law enforcement, especially the government agencies swept up in the attack.

Zyklon B, according to @iHazCandy of Consternation Security, has made too many mistakes. For example, the screenshots posted as proof during the ORNL attack led to the discovery of an IP address in France.

“I had this kid’s IP on day one,” he said [screen shot] during a brief chat Friday morning.

If the information is true, then The Unknowns might not remain that way for long. We’ll keep an eye on the situation surrounding them and update as needed.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.