The release of information in the aftermath of a high profile hack is often a hodgepodge of information with sometimes dubious accuracy. It’s not always easy to tell what happened exactly, or specifically who is involved, but as time goes on and more pieces make their way out of the organization on the receiving end of the hack, the picture becomes much more clear. This is a standard model that holds true when looking at governmental organizations as well, although the information can sometimes painstakingly drip out over a number of years instead of weeks or months.
Such was the case when it was revealed that the National Aeronautics and Space Administration was infected with a worm in 1989. Just as NASA began the launch of the Galileo space probe in October of 1989, a controversy began growing around the probe’s nuclear power. Amid this backdrop of international interest, NASA’s top scientists started noticed something odd happening with their work computers. Dr. Suelette Dreyfus, technologist at Melbourne University describes the scene in this way, “The scientists would come in in the morning and put down their cup of coffee and try and log in and they would find that instead of their scientific data, there was a screen that would appear that said “your system has been WANKED!”
It was one of the first recorded incidents of something that would come to be known in subsequent decades as “hacktivism”. Before NASA knew it, they had a full blown worm infection on its hands. After an extensive cleanup effort, NASA took interest in where the worm came from, only knowing that it had originated from outside of NASA’s networks. At first, NASA’s interest fell on France, but ultimately it seemed that the origin was actually from Australia.
Materials released by NASA in response to a FOIA request and dated one month after the infection was believed to have started, offer a first look at what was being reported internally at NASA in the midst of the WANK infection. Although the release is quite short, there are some crucial detail that raise more questions about this decades old intrusion – particularly around the code itself.
On the second slide under the heading “Space Physics Analysis Network (SPAN) Worm Incident”, NASA points out a few interesting bits of information.
One of the most interesting pieces of this section is the notation of a two-phased attack. What makes this noteworthy is that the section implies that there were two pieces of code used - one piece of code that was used when the infection began on October 16th 1989, and another “improved version” that was discovered 13 days later.
In another note two slides later, the report notes that the Federal Bureau of Investigation and NASA’s Inspector General were investigating the breach.
What makes this part interesting is that rumors have always circulated that Julian Assange may have played a role in the WANK worm infection, though he has never confirmed this himself. If Assange was indeed involved, it may have been the first time that FBI ever opened an investigation into him and his activities.
While this release is small, it packs a big punch for a relatively obscure hacktivist incident that predates the movie Hackers by five years. It sheds light on one of the earliest examples of the fashioning of the “90’s hacker culture” milieu that would come to represent what is now seen by many in the information security community as a golden age of information security, where attacks were literally delivered through phone lines and where law was not yet ready to go.
Read the full release embedded below or on the request page, and support the Hacking History project here.