NASA was hacked 13 times this year

NASA admitted to something pretty scary: they were hacked 13 times last year alone, and several times hackers had “full, functional control” of the space agency’s information.

According to Inspector General Paul K. Martin, the most powerful attack came from an IP in China, which broke into the network of NASA’s Jet Propulsion Laboratory, one of NASA’s key labs. He said hackers gained full access to modify, copy, or delete virtually every file, no matter how important, and they were able to create new user accounts and upload hacking tools to steal user credentials. They also modified system logs, which helped them cover their actions for a while.

“NASA takes the issue of IT security very seriously, and at no point in time have operations of the International Space Station been in jeopardy due to a data breach,” said NASA spokesman Michael Cabbagehe.

Even with the $1.5 billion investment in IT, from which a healthy chunk goes to protection, it seems NASA is far from being safe from cyber attacks. NASA’s cybersecurity problem is in fact a national security problem, as many satellites with various purposes are under the agency’s eye. Subcommittee Chairman Rep. Paul Braun quickly pointed this out:

“Many of the technologies developed and utilized by NASA are just as useful for military purposes as they are for civil space applications,” he said. “While our nation’s defense and intelligence communities guard the ‘front door’ and prevent network intrusions that could steal or corrupt sensitive information, NASA could essentially become an unlocked ‘back door’ without persistent vigilance.”

You can find the full PDF with Martin’s testimony here, and here is a brief summary:

Some NASA systems house sensitive information which, if lost or stolen, could result in
significant financial loss, adversely affect national security, or significantly impair our Nation’s
competitive technological advantage. Even more troubling, skilled and committed cyber
attackers could choose to cause significant disruption to NASA operations, as IT networks are
central to all aspects of NASA’s operations[..]

In FY 2011, NASA reported it was the victim of 47 APT attacks, 13 of which successfully compromised Agency computers. In one of the successful attacks, intruders stole user credentials for more than 150 NASA employees – credentials that could have been used to gain unauthorized access to NASA systems. Our ongoing investigation of another such attack at JPL involving Chinese-based Internet protocol (IP) addresses has confirmed that the intruders gained full access to key JPL systems and sensitive user accounts. With full system access the intruders could: (1) modify, copy, or delete sensitive files; (2) add, modify, or delete user accounts for mission-critical JPL systems; (3) upload hacking tools to steal user credentials and compromise other NASA systems; and (4) modify system logs to conceal their actions. In other words, the attackers had full functional control over these networks.