Friday, March 02, 2012

NASA - And The Cyberwar

"Report: Hackers Seized Control Of NASA Computers" by Dan Merica (CNN), WCVB Boston 3/2/2012

NASA Says It Was Subject To 47 Hacking Incidents In Fiscal Year 2011

Hackers with IP addresses originating from China took control of computers in NASA's Jet Propulsion Laboratory last November, according to a report from the space agency's inspector general.

The attack led to intruders gaining access to 150 NASA employee credentials. Additionally, the report stated that the ongoing investigation into the incident found that the hackers gained the ability to "modify, copy or delete sensitive files" and "upload hacking tools to steal user credentials and compromise other NASA systems.

"In other words," writes Inspector General Paul K. Martin, "the attackers had full functional control over these networks."

Though highlighted, this attack was far from the only violation of NASA networks and computers.

In fiscal year 2011, NASA reported it was subject to 47 hacking incidents -- 13 of which successfully compromised the agencies computers. In total, 5,408 computer security incidents "that resulted in the installation of malicious software on or unauthorized access to its systems" were reported by NASA in 2010 and 2011.

"These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives," writes Martin.

NASA has conducted 16 investigations over the last 5 years, investigations that led to the arrests of foreign nationals from China, Great Britain, Italy, Nigeria, Portugal, Romania, Turkey and Estonia.

These intrusions, the report continues, "have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million."

Loss and theft has also been an issue for NASA. Forty-eight agency mobile computing devices were reported lost or stolen between April 2009 and April 2011. This led to the possibility that sensitive algorithms and data landed in unauthorized hands.

"For example, the March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station," Martin writes.

Martin testified in front of Congress on Wednesday and the report served as a precursor to his testimony. While in front of a House committee, Martin spoke about the slow pace of encryption for the agencies' mobile devices and the lack of technological security monitoring at NASA.


"Stolen NASA laptop contained space station control codes" by Matt Liebowitz (SecurityNewsDaily), Mother Nature Network 3/1/2012

A laptop stolen from NASA last year was unencrypted and contained command and control codes for the International Space Station (ISS) on it, the agency's inspector general told a United States House subcommittee on Feb. 29.

In his testimony before a Science, Space and Technology House subcommittee, NASA Inspector General Paul K. Martin said the notebook computer stolen in March 2011 "resulted in the loss of the algorithms" used to control the ISS. This particular laptop, Martin said, was one of 48 NASA notebooks or mobile devices stolen between April 2009 and April 2011.

Some of these thefts resulted in the leak of sensitive data "including export-controlled, Personally Identifiable Information, and third-party intellectual property," as well as Social Security numbers and data on NASA's Constellation and Orion programs, Martin said.

he actual number of stolen and compromised devices could be much higher because NASA relies on employees to self-report incidents.

In an email, NASA public affairs officer Trent Perrotto told SecurityNewsDaily that "at no point in time have operations of the International Space Station been in jeopardy due to a data breach."

"NASA has made significant progress to better protect the agency's IT systems and is in the process of implementing the recommendations made by the NASA Inspector General in this area," Perrotto added.

In 2011, NASA, which Martin rightly called a "target-rich environment for cyberattacks," was the target of 47 advanced persistent threats (APTs), 13 of which successfully compromised NASA computers.

These attacks are part of the 5,408 cybersecurity incidents in 2010 and 2011 that resulted in unauthorized intrusions or malware being planted on its systems and cost the space agency an estimated $7 million.

"These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives," Martin said.

An example of one of these "skill-testing" hacks is the attack perpetrated by "TinKode," a 20-year-old Romanian hacker (real name Razvan Manole Cernainu), who tapped into a computer server at NASA's Goddard Space Flight Center in April 2011.

Martin continued, "Some of these intrusions have affected thousands of NASA computers, caused significant disruptions to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data."

Martin's testimony highlights the difficulties NASA information technology officials face in securing the agency's laptops and mobile devices. As of Feb. 1, 2012, only 1 percent of NASA portable devices and laptops have been encrypted.

"Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft," he said.

Martin said software vulnerabilities in NASA computers are often left unpatched, a problem stemming from an IT chain of command in which the chief information officer "has limited ability" to fully implement mandated IT security programs across the agency.

No comments: