NASA Systems still Vulnerable to Attack even after Warnings

Serious security gaps were found in NASA computers during a recent security audit. According to MSNBC:

“Six computer servers associated with IT [information technology] assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable,” the audit report released Monday by Inspector General Paul K. Martin said.

“The attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple NASA’s operations,” the report continued. “We also found network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers.”

Lets be realistic though, NASA is a very large organization and just by sheer volume would make securing all their systems a very daunting task. But also according to the article, NASA was specifically warned about security lapses and a plan was recommended for remediation:

“In a May 2010 audit report, we recommended that NASA immediately establish an IT security oversight program for this key network,” Monday’s report reads. “However, even though the agency concurred with the recommendation it remained unimplemented as of February 2011.”

I really find this stunning, as NASA has had a very long history with dealing with hackers. They have run the gamut from simple web defacements to more serious penetrations and data theft. A short list of attacks that NASA has faced includes:

  • 2001-2002 – The well known Gary McKinnon penetration. He claimed he was looking for secret information on UFO’s.
  • 2003 – The “Trippin Smurfs” – Jet Propulsion Labs defacement.
  • 2009 – Jeremy Parker Penetration – Accessed a NASA pay service for the science community that provided Oceanic Data recorded from satellites (which is now free).
  • 2009 – The “Code.Breaker” SQL Injection attack – NASA’s “Instrument Systems and Technology Divisions” and “Software Engineering Division” were breached via SQL injection attack. 25 Administrator accounts were compromised.

And let’s not forget about when a couple JPL sites were offering Viagra, and NASA’s twitter site was offering TV’s for sale last year.

Sure, some of these side on the ridiculous, but the fact remains, NASA has faced several serious data attacks over the years.

NASA isn’t just all about space exploration either, they do a lot of scientific research and joint military projects. The fact that a government run entity has been attacked, and then apparently ignored a plan to remedy the situation speaks volumes about our nations ability, or maybe better said desire, to thwart hacking attempts.

About these ads

~ by D. Dieterle on March 29, 2011.

One Response to “NASA Systems still Vulnerable to Attack even after Warnings”

  1. [...] from Cyber Arms via infosecisland.com This entry was posted in Uncategorized. Bookmark the permalink. [...]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 274 other followers

%d bloggers like this: