Chinese Hackers Took over NASA’s JPL Systems in November

Hackers with Chinese-based IP addresses took over NASA’s Jet Propulsion Laboratory back in November, according to a report Wednesday night from Paul K. Martin, NASA’s Inspector General:

“Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million.”

According to Fox News, the attack “could have allowed them (to) delete sensitive files, add user accounts to mission-critical systems, upload hacking tools, and more — all at a central repository of U.S. space technology.”

Since the late 1990s, China has targeted US military and space systems in an attempt to infiltrate DoD systems, exfiltrate scientific and defense data, and control America’s cyberspace.

NASA’s IT staff is working on locking down its systems to prevent further intrusions. Michael Cabbage, a spokesman for NASA, reports: “NASA has made significant progress to better protect the agency’s IT systems and is in the process of implementing the recommendations made by the NASA Inspector General in this area.”

Though IP addresses can be spoofed and attacks proxied through numerous machines, maybe the Chinese IP range should be blocked from sensitive US government systems?

7 thoughts on “Chinese Hackers Took over NASA’s JPL Systems in November”

  1. I still fail to see why JPL’s critical systems (or the military’s for that matter) have an internet connection. Even if you’re hooking them up over a network to access remote systems, lock it down to specified IP addresses with verified accounts. This is simple and inexpensive.

    1. Absolutely! Even though these systems were originally on the internet, there is no reason to keep them there. Going to internet2 only might help, but again, there is no reason why classified military systems should have any connection to the public internet.

  2. They have to do more than just implement IP filtering from trusted devices. There are several methods to get around this (source routing, IP spoofing, etc.). Most of the threats are user based. Targeted emails are sent to such employees disguised to be from legit sources. An ill-educated user base will not know the difference, and when they do realize what their actions entailed it is already too late. User education is key along with a sound security program. A multi-layered approach is needed (network perimeter, host perimeter, host-app).

    1. Again, this is all assuming that the devices are internet-capable devices, which, according to this post, seems to be the case for quite some time now.

    2. Absolutely, targeted phishing attacks are really doing a number on government and even hi-tech companies. The payloads are packed and obfuscated to bypass AV, and if run, connect out from the machine back to the attacker, bypassing firewalls.
