NASA site blocks out Brazil

NASA site blocks out Brazil

Summary: NASA's JPL says it’s blocking Brazilian access to its Web servers due to a wave of computer attacks.

SHARE:
Brazil, we have a problem: NASA's Jet Propulsion Laboratory says it's blocking Brazilian access to its Web servers due to a wave of computer attacks from different locations in that South American nation. But a spokesman emphasized Tuesday that the blockage would remain in effect only until more thorough security measures were put in place.

The blocking maneuver comes amid a wave of concern about new techniques for attacking remote computers - including the "zombie attacks" that brought down a series of heavy-duty Web sites last month.

The Jet Propulsion Laboratory, a NASA center managed by the California Institute of Technology, ranks as one of the Internet's most popular sites - with extensive resources on robotic space exploration and images of other worlds. It's also a prime target for computer intrusions: Attrition.org, a security-oriented Web clearinghouse, says JPL servers have been compromised at least seven times in the past year.

JPL's current ban on Brazilian data traffic was first brought to light Tuesday by Geovani Balbino, a network analyst at the Bank of Brazil's office in Brasilia. Balbino said he noticed more than two weeks ago that he was no longer able to gain access to the JPL site, even though other NASA sites were unaffected.

"I'm just a space enthusiast," he told MSNBC, "so every day I check those sites."

Balbino said he traced the path that his packets of data were taking and found that they were blocked at the final jump to JPL. He went so far as to correspond with the laboratory's network personnel, and said he was finally told that Brazilian traffic was blocked because attacks from numerous sites in Brazil had compromised computer security at JPL.

JPL spokesman Frank O'Donnell confirmed that Brazil - Latin America's most populous country and the Internet's 19th-ranked top-level domain - was being blacklisted for now.

"From time to time, when JPL security people detect hacker activity emanating from a particular part of the world, or particular subnets, they will block access until they get the situation resolved," he told MSNBC.

Such measures are usually not publicized, and O'Donnell declined to provide further details. "The concern we always have with computer security issues is that if you give out too much detail ... it could potentially provide information to people with an interest in hacking," he said.

"The thing we want to stress is that it's not permanent by any stretch of the imagination," he said. The potential vulnerability "should be resolved fairly quickly."

Blocking traffic from an entire network or country isn't as extreme a measure as it may sound, said Mark Zajicek, daily operations team leader at the CERT Coordination Center. "In general, that is something that's quite often done, usually to give the system administrators more breathing space and limit the traffic that might be coming from a particular source," Zajicek told MSNBC.

The Pittsburgh center, which is part of the Pentagon-funded Software Engineering Institute at Carnegie Mellon University, serves as a national clearinghouse for computer security issues. Although Zajicek couldn't comment specifically about JPL's actions, he said "it's very easy" to block traffic "on a per-domain, or per-site or per-host basis."

"As far as how effective it is - it depends," he said. Some attacks involve "spoofing" the source of the assault, so that an attack appearing to come from Brazil actually originates somewhere else.

"The newer distributed denial-of-service attacks are exactly those kinds of attacks that this reaction (blocking domains) is not effective against," he said.

O'Donnell said he was not aware that JPL servers were involved in last month's distributed computer attacks, but he said the organization was on guard.

"Computer security is a subject that's taken seriously here, and obviously there can be many avenues of attack, such as the recent denial-of-service attacks on some of the commercial sites, as well as other modes," he said. "It's always a bit of a challenge because there are a large number of computer hosts at a large technical organization like JPL."

Zajicek, meanwhile, declined to comment on whether would-be intruders have targeted NASA computers.

"In general, the attacks can span the entire demographics of the Internet. ... The intruders were trying to find any host that had high bandwidth to the Internet," Zajicek said. "You could find those in all different types of organizations."

Topics: Nasa / Space, Security, Servers

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Upset

    I'm another Brazilian space enthusiast, and I'm very upset about that.

    I was prepared to follow the docking event witch will be streamed live by NASA, beginning at 11 p.m. on Wednesday May 16.

    Hope until there we have access consent...
    marc_ric@...
    • Counting

      Brazilians are forced out of NASA 3 days ago and counting. Are those infamous hackers so dangerous for NASA?
      marc_ric@...
  • Conting

    Brazilians are forced out of NASA since May 16th - 5 days and counting. Are those infamous hackers more powerful then NASA?
    marc_ric@...
  • Counting

    Brazilians are forced out of NASA since May 16th - 7 days and counting. Are those infamous hackers more powerful then NASA?
    marc_ric@...
  • Counting

    Brazilians are forced out of NASA since May 16th - 14 days and counting. Are those infamous hackers more powerful then NASA?
    marc_ric@...
  • Counting

    Brazilians are forced out of NASA since May 16th - 20 days and counting. Are those infamous hackers more powerful then NASA?
    marc_ric@...