Successful hacks, lost laptops plagued NASA in past year
- By Kevin McCaney
- Mar 05, 2012
NASA suffered 13 successful attacks on its systems in 2011, in one case giving attackers “full functional control” over networks at one location, and lost a laptop that held control codes for the International Space Station, the agency’s inspector general told Congress.
NASA IG Paul Martin, in written testimony to the House Science, Space, and Technology Committee, said the agency was targeted by 47 advanced persistent threat attacks in 2011, and 13 of them were successful.
In one case, an attack coming from IP addresses in China gained full access to systems at the agency’s Jet Propulsion Laboratory, Martin wrote. The attackers had access to sensitive user account information and had the ability to modify, copy or delete sensitive files and user accounts for mission-critical systems, steal user credentials for other NASA systems and change logs to cover their tracks.
“In other words, the attackers had full functional control over these networks,” Martin wrote.
Aside from APT attacks, the agency also reported losing 48 mobile devices between April 2009 and April 2011, including the laptop with algorithms used in command and control of the ISS.
The loss of mobile devices at NASA is compounded by the fact that only about 1 percent of them are encrypted, according to the testimony.
“NASA has been slow to implement full-disk encryption on the notebook computers and other mobile computing devices it provides to its employees, potentially exposing sensitive information to unauthorized disclosure when such devices are lost or stolen,” Martin wrote.
Other lost or stolen laptops contained personally identifiable information, including Social Security numbers, on NASA employees and sensitive data on the agency’s Constellation and Orion space flight programs, and information on third-party intellectual property.
“Until NASA fully implements an agencywide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft,” Martin wrote.
Attacks against NASA are getting more sophisticated, according to the testimony. Martin cited a cyber crime network operating out of Estonia that the FBI broke up in November 2011. The scheme infected more than 4 million computers in 100 countries, including about 500,000 in the United States, 130 of them owned by NASA.
(Martin didn’t get specific, but it seems he was referring to the DNSChanger click-jacking operation the FBI busted in November, and which could still cause trouble for some unsuspecting users.)
Luckily, NASA didn’t suffer operational harm from the attacks, but “the scope and success of the intrusions demonstrate the increasingly complex nature of the IT security challenges facing NASA and other government agencies,” Martin wrote.
In addition to calling for NASA to adopt a strong device encryption policy, he said the IG’s office will examine the effectiveness of the agency’s Security Operations Center, which was created in November 2008 by consolidating security operations, and how the agency handles incident response.