NASA lost 'full control' to hackers, pwned 13 times last year

Houston still has a problem with security


Cybercrooks broke into NASA's computer systems 13 times last year, gaining "full functional control" of important systems in the worst cases, according to testimony before the US Congress by the space agency's inspector general.

Paul Martin told a Congressional panel on information security at the space agency that NASA spent $58m of its $1.5bn annual IT budget on cyber security. The space agency has long been a prestige target for hackers of various skill levels and motivations, including profit-motivated malware distributors (cybercrooks) and intruders thought to be in the pay of foreign intelligence services.

Poorly implemented security policies mean that these attacks were often successful. In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorised access to its systems, Martin testified (PDF) before the US House Committee on Science, Space and Technology last Wednesday.

Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7m.

In the most serious of these incidents, hackers gained control of systems at NASA's Jet Propulsion Laboratory. The attack was traced back to IP addresses in China, Martin explained. Another of the most serious APT (advanced persistent threat) attacks that hit NASA last year resulted in the extraction of user credentials from 150 space agency workers.

Martin told the panel:

In FY 2011, NASA reported it was the victim of 47 APT attacks, 13 of which successfully compromised Agency computers. In one of the successful attacks, intruders stole user credentials for more than 150 NASA employees – credentials that could have been used to gain unauthorised access to NASA systems. Our ongoing investigation of another such attack at JPL involving Chinese-based internet protocol (IP) addresses has confirmed that the intruders gained full access to key JPL systems and sensitive user accounts.

The compromised access would have allowed hackers to gain "full functional control over these networks" including the ability to extract data, delete sensitive files, plant hacking tools, add accounts or modify logs meant to provide a warning that such attacks had taken place.

More than 130 NASA computers were infected by DNS changer malware connected to the Operation Ghost Click bust, Martin testified. NASA computers were among the millions of PCs worldwide infected by malware capable of hijacking internet searches to run click-fraud scams, punt scareware at potential victims and promote unlicensed pharmaceutical stores.

Fortunately, we found no evidence of operational harm to NASA or compromise of sensitive data caused. Nevertheless, the scope and success of the intrusions demonstrate the increasingly complex nature of the IT security challenges facing NASA and other Government agencies.

Martin noted the agency faced particular difficulties, including its need to share its scientific research, and acknowledged the agency had made progress in addressing security loopholes uncovered by previous audits. Nonetheless, he criticised the agency for lagging behind other US government agencies in encrypting data on laptop computers.

He said the government-wide encryption rate for mobile devices stood at around 54 per cent. However, as at the start of February 2012, only 1 per cent of NASA portable devices/laptops had been encrypted.

Between April 2009 and April 2011, NASA reported the loss or theft of 48 of the agency's mobile computing devices, some of which resulted in the leak of all manner of sensitive data. For example, the March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the codes used to command and control the International Space Station. Other lost or stolen notebooks contained Social Security numbers and sensitive data on NASA’s Constellation and Orion programmes. Martin warned:

Until NASA fully implements an Agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft.

Martin added that Office of Inspector General investigators had conducted more than 16 separate investigations of breaches of NASA networks during recent years, several of which have resulted in the arrests and convictions of foreign nationals in China, Great Britain, Italy, Nigeria, Portugal, Romania, Turkey, and Estonia.

NASA was one of the organisations breached by the British hacker Gary McKinnon, during his self-admitted search for UFO files on US military systems during 2001 and 2002. A decade after his initial arrest, McKinnon and his supporters are still fighting attempts to extradite him to the US to answer charges related to alleged intrusions against US military and NASA systems.

Linda Cureton, NASA's Chief Information Officer, defended the space agency's record in a statement (PDF) submitted to the Congressional committee.

She said:

Like most Federal agencies, NASA has seen the full spectrum of cyber attacks, ranging from minor attacks, where countermeasures are sufficient and appropriate, to sophisticated attacks where in some cases countermeasures are reactive and need improvement. NASA has a high public and internet profile, its information can be highly attractive to attackers, and whenever IT security compromises occur they tend to generate media attention when the information is public in nature.

NASA has acted on previously reported shortcomings by scanning its websites for flaws, improving its patch management and developing an incident response programme, she explained.

She added:

Since NASA’s infrastructure is worldwide, the agency is striving to achieve a risk-based balance between security, system operability, and user requirements. While demanding a culture of security awareness, NASA will continue to improve the defense of our IT security posture and build security into the System Development Life Cycle (SDLC) of our IT solutions and everyday work habits.
