NASA: Hackers had 'full functional control'

NASA this week released details of security breaches the organization has recently experienced. Out of 47 attempts last year, hackers managed to penetrate NASA's computer network 13 times.
Written by Emil Protalinski, Contributor

The National Aeronautics and Space Administration (NASA) has finally revealed how badly it was attacked by hackers last year. The space agency's Inspector General Paul Martin explained in testimony to Congress how NASA's computer network was penetrated by hackers at least 13 times in 2011.

Furthermore, one China-based breach in November resulted in total control of crucial systems and employee accounts at NASA's Jet Propulsion Laboratory (JPL), including full system access, the ability to modify/copy/delete sensitive files, and even upload hacking tools for wreaking further havoc. The personal credentials of 150 employees were stolen. The attack involving Chinese IP addresses is still under investigation.

Here's an excerpt of the 10-page report, titled "NASA Cybersecurity: An Examination of the Agency’s Information Security" (PDF), written by the Office of Inspector General (OIG):

In FY 2011, NASA reported it was the victim of 47 APT attacks, 13 of which successfully compromised Agency computers. In one of the successful attacks, intruders stole user credentials for more than 150 NASA employees – credentials that could have been used to gain unauthorized access to NASA systems. Our ongoing investigation of another such attack at JPL involving Chinese-based Internet protocol (IP) addresses has confirmed that the intruders gained full access to key JPL systems and sensitive user accounts. With full system access the intruders could: (1) modify, copy, or delete sensitive files; (2) add, modify, or delete user accounts for mission-critical JPL systems; (3) upload hacking tools to steal user credentials and compromise other NASA systems; and (4) modify system logs to conceal their actions. In other words, the attackers had full functional control over these networks.

Another security failure occurred in March, when an unencrypted NASA notebook computer containing algorithms to command and control the International Space Station was stolen. NASA insists the station was never in any jeopardy. The report also noted that only 1 percent of NASA's mobile computing devices are encrypted, and 48 were stolen between April 2009 and April 2011.

In a separate event, hackers grabbed the user credentials belonging to more than 150 employees, which in turn could have been used to gain unauthorized access to NASA systems. Martin admitted the agency failed to move quickly enough to ensure those hackers wouldn't be able to take advantage of the credentials.

Martin's report further reveals that NASA saw more than 5,408 incidents of malicious software or unauthorized access of its computers between October 1, 2010, and September 30, 2011. NASA estimated the total cost of these security incidents at more than $7 million. The written testimony was delivered Wednesday to a hearing of the House Committee on Science, Space and Technology's Subcommittee on Investigations and Oversight.

OIG investigators have conducted more than 16 separate investigations of NASA computer network breaches over recent years. The motivation of the hackers ranged from "individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services." Hacking suspects have been arrested in China, Estonia, Great Britain, Italy, Nigeria, Portugal, Romania, and Turkey.

"NASA has made significant progress to better protect the agency's IT systems and is in the process of implementing the recommendations made by the NASA Inspector General in this area," a NASA spokesperson said in a statement.
