Hackers successfully breached networks at NASA’s Jet Propulsion Laboratory last November, where they were able to install malware, delete or steal private information, and take control of user accounts to access privilege sections of the network, according to a report released this week from the National Aeronautics and Space Administration’s inspector general.
If there is anything to learn from the multiple security breaches at NASA, it is that no single hosting environment is ever fully secure. After all, NASA has an annual IT security budget of $58 million and hosts all its content in-house on its own infrastructure, built by some of the brightest minds in the world, and yet its network was successfully hacked on multiple accounts.
The breach was found to originate from Chinese-based IP addresses, where hackers were able to hijack the accounts of “privileged JPL users” to gain “full access to key JPL systems,” Inspector General Paul K. Martin wrote in a report to Congress.
NASA will continue to investigate this breach, where the hackers had “full functional control over these networks” that allowed them to change any sensitive files and user accounts for JPL systems, as well as modify system logs to cover up these activities, Martin writes.
The report also revealed other breaches that occurred in 2010 and 2011 with a total of 5,408 computer security incidents that saw the installation of malware and the theft of export-controlled and otherwise sensitive data.
NASA estimates the breaches cost the agency more than $7 million, and that some of the attacks “may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” Martin writes.
In March 2011, the agency saw the theft of an unencrypted NASA notebook computer that contained space station codes. In one of the more successful attacks, criminals stole user passwords for more than 150 NASA employees that could have potentially been used to access NASA systems.
Martin also mentions in the report that the loss of some of NASA systems key data could lead to significant financial loss, greatly affect national security, or hurt the country’s competitive technological edge.
But even worse, it “could choose to cause significant disruption to NASA operations, as IT networks are central to all aspects of NASA’s operations.”
The security incidents also makes a valid argument for hosting providers to know what kind of content their customers intend to host so they can properly prepare for any potential attacks.
The websites of government agencies, as well as many others, are obvious targets for online attacks and their security measures should be treated accordingly.
But Media Temple said that it was unaware that Fleishman-Hilliard was intending on using its servers to host government accounts and, had it known, it would have advised them against it since the company is not a FISMA-certified hosting service.
Talk Back: Do you think hosting providers have the right to know what kind of content is being hosted on their servers if it means that their customers will have stronger security controls in place? Post your comments in the section below.