.
3/4/13, "NASA Repeatedly Attacked, Jet Propulsion Lab Compromised," eweek.com, F. Rashid
"The National Aeronautics and Space Administration was under heavy
attack over the past two years, as adversaries tried to infect machines
with malware or use advanced persistent threats to get into the network,
according to Congressional testimony.
Attackers from a Chinese-based IP address had breached the network at
NASA's Jet Propulsion Laboratory and gained full access to the networks
and sensitive user accounts, NASA Inspector General Paul Martin told the House Science, Space and Technology committee Feb. 29. NASA made the discovery in November, and the JPL incident is still under investigation, according to Martin.
There have been a total of 5,408 security incidents in 2010 and 2011
that resulted in either malware being installed on NASA systems or
attackers gaining unauthorized access to the agency's systems, Martin
said. There were 47 APT incidents in fiscal year 2011, of which 13 had
succeeded. In one attack, perpetrators stole user credentials for more
than 150 employees, according to Martin.
"These incidents ranged from individuals testing their hacking
skills, to well-organized criminal enterprises seeking to exploit NASA
systems for profit, to intrusions that may have been sponsored by
foreign intelligence services," Martin said.
The attacks affected "thousands" of NASA computers, caused
"significant disruption" to mission operations, and resulted in theft of
sensitive data which cost NASA more than $7 million, Martin said.
The Subcommittee on Investigations and Oversight met to examine the
NASA Office of the Inspector General (IG) reports and to discuss how to
protect the agency from future attacks.
"NASA is a high-priority target for criminals and state-level actors
attempting to steal, compromise, or corrupt technical data," according
to a document prepared by the subcomittee prior to the hearing.
NASA technology is "inherently dual-use in nature," meaning that the
information obtained could be used both for military purposes as well
as in civilian-focused applications, according to the document. If
compromised, there would be "significant nonproliferation concerns," the
subcommittee members wrote.
In the attack on JPL systems, the intruders had full system access
and could modify, copy or delete sensitive files; add, modify or delete
user accounts for mission-critical JPL systems; upload tools to steal
user credentials or compromise other systems; and modify system logs to
hide their activities.
There were "systemic internal control weaknesses in NASA's IT
security control monitoring and cyber-security oversight," Martin said
in his testimony. An audit in May 2010 found that only 24 percent of
"applicable computers" on a mission network were monitored to received
critical software patches, and only 62 percent were monitored for
technical vulnerabilities. Another audit in December 2010 found the
agency was not properly sanitizing or disposing equipment at four
different centers and sensitive data was still on computers being
prepared for sale.
Other incidents reported by Martin included a laptop stolen in March
2011 containing algorithms used to control the International Space
Station. Thieves had stolen 48 notebooks or mobile devices from NASA
between April 2009 and April 2011, Martin said.
The thefts are even more worrying when considered that as of Feb. 1
this year, only one percent of NASA's portable devices were encrypted,
according to Martin." via Robert Zimmerman, Behind the Black
.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment