NASA Computers Hacked Repeatedly in Last Two Years

NASA has been hit repeatedly by hackers during the last two years – including an incident where attackers compromised systems at the agency’s Jet Propulsion Laboratory.

The situation was revealed in testimony Feb. 29 by NASA Inspector General Paul Martin before the House Science, Space and Technology subcommittee. According to Martin, the agency discovered in November 2011 that hackers using a China-based IP address had compromised the network of NASA’s Jet Propulsion Laboratory (JPL) and gained full access to JPL systems and sensitive user accounts. The incident remains under investigation. In fiscal year 2011, the agency was targeted with 47 attacks he called advanced persistent threats (APTs), of which 13 were successful at compromising agency systems.

All totaled, the agency reported 5,408 computer-security incidents from 2010 and 2011 that resulted in either the installation of malware or unauthorized access to the agency’s computer systems.

“These incidents ranged from individuals testing their hacking skills, to well-organized criminal enterprises seeking to exploit NASA systems for profit, to intrusions that may have been sponsored by foreign intelligence services,” Martin said in the hearing.

Martin also revealed that a notebook computer stolen in March 2011 resulted in the loss of algorithms used to control the International Space Station. The laptop was one of 48 NASA notebooks or mobile devices pilfered by thieves between April 2009 and April 2011, thefts that resulted in sensitive data leaks and the loss of personal information and intellectual property, Martin said.

As of Feb. 1, only one percent of NASA’s portable devices/laptops were encrypted, Martin added. 

In 2010, a NASA audit revealed the agency’s policies towards machines slated for disposal were inconsistent and often lax. For example, there was no “sanitation verification testing” for PCs at the end of their lifecycle at the Lyndon B. Johnson Space Center, and 10 computers from the John F. Kennedy Space Center were released to the public despite failing tests to see if they had been properly wiped.

Discussion

  • Anonymous on

    1% ?!?!?!?!?!

  • mike mastela on

    A private company with a security record like that can be called one thing - out of business!

  • StygianAgenda on

    Really, this isn't that surprising.  As much as the public would like to complain, budget cuts, under-staffing in IT, and the nature of the denizens of the net itself are just as much to blame as lax-security practices.  

    I can personally attest to the prolonged attacks stemming from IPs within the PRC, as I've had to take extreme measures to keep them out of the networks I manage... so much so that I've deployed systems that block all traffic to-and-from the PRC's CIDRs.  At my day job, which is in government IT, I've had to take just as extreme measures to protect our email systems from attempted incursions via that methodology.  I can only hope that our (native of India) firewall administrator would take as extreme of measures for all our border traffic.   At this point, under such a record of prolonged attacks and no effort by the PRC government to stop these attacks coming from within their borders, it doesn't make much sense to allow any traffic from the PRC or any of its territories to any USGov resource that isn't hardened against any and all attacks.  

    This is an area where I tend to agree with the US-DoD's recent stance that any cyber attack on their systems is an act of war... but I go further to say it should be treated as such and responded to in-kind.  It's time we began ripping apart the infrastructure of any and all who would attack us.
