Cybercrooks broke into NASA's computer systems 13 times last year gaining "full functional control" of important systems in the worst cases, according to the testimony before the US Congress by the space agency's inspector general. Paul Martin told a Congressional panel on information security at the space agency that NASA spent …
So - did anyone get any juicy alien info or what?
$58M and still getting pwned every hour on the hour. They're doing it wrong.
I seriously doubt anyone
can secure their network with less than 0.5% of the total IT budget, and that's before you get to the downstream prima donna note.
And on the same day...
we hear of a spectacular "shooting star" over the United Kingdom. Coincidence?
ever try to manage a network full of prima donnas?
They have the clout to make your IT policies Swiss cheese.
Re: ever try to manage a network full of prima donnas?
Yes, I have, and yes, you are 100% correct in why they get broken into all the time.
Off to prison they go
At least this gives authorities practice in prosecuting hackers.
Re: Off to prison they go
And an opportunity to practice crack hacking with crack hacking providing the prosecution evidence of prosecutable malfeasance. Win Win Double Whammy. Thank You, Ma'am.
Why do mission-critical systems have Internet access?
Why do mission-critical systems have Internet access?
Because the NASA (non-IT) managers are soft in the head. They can't make a clear distinction between the material that can be publicly available and on public-facing servers and material (hopefully not a large amount) that cannot, and must be airgapped. The amount of money the US taxpayers spend on NASA operations certainly is enough to provide a real, not virtual, private network for access to that information which, for one or another reason, should not be made available to the public.
How else will Windows do its updates
Actually in NASA as well as ESA, all mission critical systems do not have Internet access. They separate the networks into an Office network, admin, internet etc and operational network, which runs the missions and satellites. The OPS network is a private network, that doesn't have internet access. To hack this network, you'd need to physically compromise it
@AdrianG: We agree that's the way it OUGHT to be configured,
but according to the IG report, it isn't.
Just wait when they caught one...
Then they'll sue and all damages will be fully paid for, may even finance setting up a new security system.
I seriously wonder how much NASA cares. I mean; the last hack from England where some kid was only trying to get data on "aliens". He was also perfectly willing to share his findings and actually help the guys out to straighten things out.
Although I didn't keep up with every detail, but last I heard there was no interest apart from extraditing him to the US to stand trial and be locked up for quite a few years. Major fail right there IMO; instead of going for damages and money (which IMO is disputable in this case) they also could have gone after his insight knowledge on security.
Yet I think the big money is what keeps looming over the horizon in events like these.
Re: Just wait when they caught one...
Well, maybe the hackers should be worried, it looks like Sabu's new tag is "WillGrassOnU"!
Lulzsec down! Lulz!
I lost "full functional control of important systems" at the weekend, but I'm not trying to extradite the barman.
All your bases are belong to us?
Mine's the one with the keys to the space station in the pocket...
Whoever is the CIO or Director of IT at NASA, needs to be fired. The problem comes from the top. You cannot fail so badly with a budget of $58 million just for cyber security.
We had exactly such a problem here one time. One of the poohbahs wanted his mobe to work on the company network, and had the tech show him how to get around safeguards. When the poohbah was asked how he got into the system, he said "Joe told me how. He just volunteered the information." Guess who got canned, and who got a slap on the wrist for not being aware of policy, an innocent mistake?
He should have done his Sgt Schultz impersonation and got out.
Coincidence??? I think not......
So China has new heavy lift capability (http://www.theregister.co.uk/2012/03/05/china_rocket_deep_space/) and "In the most serious of these incidents, hackers gained control of systems at NASA's Jet Propulsion Laboratory. The attack was traced back to IP addresses in China". Coincidence?? I wonder...... ;)
" with an estimated cost to NASA of more than $7m "
Americans, always trying to put a dollar symbol to wrongdoing.
Here, I'll fix it for you and you can split the $7m fifty-fifty. There are important systems, and there are PCs that losers use to tweet status updates. The two should never be joined. Not ever. Not even on the same power feed. And those important systems? They should be on their own independent network, totally abstract from "the internet" and not accessible from such.
Any IT bod that thinks otherwise ought to be publicly castrated and then roasted alive by being strapped to the funnel of the next scheduled rocket launch...
Re: " with an estimated cost to NASA of more than $7m "
Not only should these systems be isolated from the Internet, they probably are. You understand this but the general public were worried by Y2K because they thought everything was a computer with a date problem.
However these stories are coming out in order to create someone to blame for a big problem that they are brewing.
that online game of Moon-Lander was...
Will only ever change if and when the media starts pumping titles like "XYZ security compromised. AGAIN. IT department says it's powerless cause higher ranked idiots won't let them do their jobs".
100:1 the media outlets won't ever have the dangling ones to pull this off, ie, shoveling blame where it's due.
Beer: Every time your old taskmaster for whom your policies were "right up there with the nazis" calls in and sheepishly begs for help after getting "pwned" again. He's gonna pay for it so might as well down it... Maybe more than one as there will surely be LOTS of "overtime".
How much actually went on Cyber Security?
I'll bet that most of that $58mil went on glossy reports and powerpoint slides highlighting to non-IT Managers just how much certain software and hardware was required only for those same managers to commission another study.
So why bring this up now?
Any computer gets viruses, spies and zombies. I can't see where they made the space station do barrel rolls. This is setting up plausible deniability for when the 'terrorists' finally crash a rocket onto a city and we all need a license to own a computer.
C'mon guys stopping malware on endpoints, that's the most basic security. It's not rocket science!!
Poorly implemented security policies mean that these attacks were often successful. In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorised access to its systems, Martin testified (PDF) before the US House Committee on Science, Space and Technology last Wednesday.
5,408 computer security incidents between 2010 and 2011, and Gary McKinnon is the only one they've managed to catch? Looks like NASA (Not Actually Secure Architecture) is a bit of a soft hack.
RE: Field Marshal Von Krakenfart
Maybe they're just waiting for Sabu to roll over on the NASA hackers!