The group said the certificate was compromised by exploiting an existing vulnerability within the portal’s login system, but they didn’t outline the entire attack. Once they had control over the certificate, they claim to have used it to “obtain User information for thousands of NASA researcher With Emails and Accounts of other users [sic].”
“These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” Paul K. Martin wrote.
The attackers had full functional control over these networks. The Cyber Warriors Team (CWT) said in its post that it had written an HTTPS protocol scanner to find weaknesses, and had found an existing vulnerability in the NASA website, which was identified as that of NASA's Solicitation and Proposal Integrated Review and Evaluation System (NSPIRES) site.