Feeds

back to article NASA lost 'full control' to hackers, pwned 13 times last year

Cybercrooks broke into NASA's computer systems 13 times last year gaining "full functional control" of important systems in the worse cases, according to the testimony before the US Congress by the space agency's inspector general. Paul Martin told a Congressional panel on information security at the space agency that NASA spent …

COMMENTS

This topic is closed for new posts.

Aliens!

So - did anyone get any juicy alien info or what?

1
0
Silver badge

$58M and still getting pwned every hour on the hour. They're doing it wrong.

2
1
Silver badge

I seriously doubt anyone

can secure their network with less than 0.5% of the total IT budget, and that's before you get to the downstream prima donna note.

0
0
TRT
Silver badge
Alien

And on the same day...

we hear of a spectacular "shooting star" over the United Kingdom. Coincidence?

2
0
Silver badge

ever try to manage a network full of primadonas?

They have the clout to make your IT policies Swiss cheese.

11
0
Paris Hilton

Re: ever try to manage a network full of primadonas?

Yes, I have, and yes, you are 100% correct in why they get broken into all the time.

1
0
Anonymous Coward

Off to prison they go

At least this gives authorities practice in prosecuting hackers.

0
0
Silver badge

Re: Off to prison they go

And an opportunity to practice crack hacking with crack hacking providing the prosecution evidence of prosecutable malfeasance. Win Win Double Whammy. Thank You, Ma'am.

0
0
WTF?

Why do mission-critical systems have Internet access?

8
0
Bronze badge
FAIL

Why do mission-critical systems have Internet access?

Because the NASA (non-IT) managers are soft in the head. They can't make a clear distinction between the material that can be publicly available and on public-facing servers and material (hopefully not a large amount) that cannot, and must be airgapped. The amount of money the US taxpayers spends on NASA operations certainly is enough to provide a real, not virtual, private network for access to that information which, for one or another reason, should not be made available to the public.

2
0
h 2
Joke

How else will Windows do it's updates

1
0

Internet access

Actually in NASA as well as ESA, all mission critical systems do not have Internet access. THey separate the networks into and Office network, admin, internet etc and operational network, which runs hte missions and satellites. The OPS network is a private network, that doesn't have internet access. To hack this network, you'd need to physically compromise it

0
0
Silver badge

@AdrianG: We agree that's they way it OUGHT to be configured,

but according to the IG report, it isn't.

0
0
Silver badge

Just wait when they caught one...

Then they'll sue and all damages will be fully paid for, may even finance setting up a new security system.

I seriously wonder how much NASA cares. I mean; the last hack from England where some kid was only trying to get data on "aliens". He was also perfectly willing to share his findings and actually help the guys out to straighten things out.

Although I didn't keep up with every detail, but last I heard there was no interest apart from extraditing him to the US to stand trial and be locked up for quite a few years. Major fail right there IMO; instead of going for damages and money (which IMO is disputable in this case) they also could have gone after his insight knowledge on security.

Yet I think the big money is what keeps looming over the horizon in events like these.

3
0
Silver badge
Big Brother

Re: Just wait when they caught one...

Well, maybe the hackers should be worried, it looks like Sabu's new tag is "WillGrassOnU"!

http://www.bbc.co.uk/news/technology-17270822

Lulzsec down! Lulz!

0
2
Silver badge
Joke

Pah

I lost "full functional control of important systems" at the weekend, but I'm not trying to extradite the barman.

3
0
Coat

All your bases are belong to us?

Mines the one with the keys to the space station in the pocket...

4
0
FAIL

HA!

Whoever is the CIO or Director of IT at NASA, needs to be fired. The problem comes from the top. You cannot fail so badly with a budget of $58 million just for cyber security.

0
0
Big Brother

Re: HA!

We had exactly such a problem here one time. One of the poohbahs wanted his mobe to work on the company network, and had the tech show him how to get around safeguards. When the poohbah was asked how he got into the system, he said "Joe told me how. He just volunteered the information." Guess who got canned, and who got a slap on the wrist for not being aware of policy, an innocent mistake?

He should have done his Sgt Schultz impersonation and got out.

1
0
Facepalm

Coincidence??? I think not......

So china has new heavy lift capability (http://www.theregister.co.uk/2012/03/05/china_rocket_deep_space/) and "In the most serious of these incidents, hackers gained control of systems at NASA's Jet Propulsion Laboratory. The attack was traced back to IP addresses in China". Coincidence?? I wonder...... ;)

1
0
Silver badge

" with an estimated cost to NASA of more than $7m "

Americans, always trying to put a dollar symbol to wrongdoing.

Here, I'll fix it for you and you can split the $7m fifty-fifty. There are important systems, and there are PCs that losers use to tweet status updates. The two should never be joined. Not ever. Not even on the same power feed. And those important systems? They should be an their own independent network, totally abstract from "the internet" and not accessible from such.

Any IT bod that thinks otherwise ought to be publicly castrated and then roasted alive by being strapped to the funnel of the next scheduled rocket launch...

1
0

Re: " with an estimated cost to NASA of more than $7m "

Not only should these systems be isolated from the Internet, they probably are. You understand this but the general public were worried by Y2K because they thought everything was a computer with a date problem.

However these stories are coming out in order to create someone to blame for a big problem that they are brewing.

0
1
Anonymous Coward

You mean

that online game of Moon-Lander was...

1
0
Pint

As usual...

Will only ever change if and when the media starts pumping titles like "XYZ security compromised. AGAIN. IT department says it's powerless cause higher ranked idiots won't let them do their jobs".

100:1 the media outlets won't ever have the dangling ones to pull this off, ie, shoveling blame where it's due.

Beer: Every time your old taskmaster for whom your policies where "right up there with the nazis" calls in and sheepishly begs for help after getting "pwned" again. He's gonna pay for it so might as well down it... Maybe more than one as there will surely be LOTS of "overtime".

1
0
Meh

How much actually went on Cyber Security?

I'll bet that most of that $58mil went on glossy reports and powerpoint slides highlighting to non-IT Managers just how much certain software and hardware was required only for those same managers to comission another study.

0
0
Pirate

So why bring this up now?

Any computer gets viruses, spies and zombies. I can't see where they made the space station do barrel rolls. This is setting up plausible deniability for when the 'terrorists' finally crash a rocket onto a city and we all need a license to own a computer.

0
0
FAIL

C'mon guys stopping malware on endpoints, that's the most basic security. It's not rocket science!!

0
0
FAIL

Poorly implemented security policies mean that these attacks were often successful. In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorised access to its systems, Martin testified (PDF) before the US House Committee on Science, Space and Technology last Wednesday.

5,408 computer security incidents between 2010 and 2011, And Gary McKinnon is the only one they've managed to catch? Looks like NASA (Not Actually Secure Architecture) is a bit of a soft hack.

0
1
Silver badge
Happy

RE: Field Marshal Von Krakenfart

Maybe they're just waiting for Sabu to roll over on the NASA haxkers!

0
2
This topic is closed for new posts.