NASA Security Audit Reveals Security Breaches, Stolen Data


Hackers successfully breached networks at NASA’s Jet Propulsion Laboratory last November, where they were able to install malware, delete or steal private information, and take control of user accounts to access privileged sections of the network, according to a report released this week from the National Aeronautics and Space Administration’s inspector general.

If there is anything to learn from the multiple security breaches at NASA, it is that no single hosting environment is ever fully secure. After all, NASA has an annual IT security budget of $58 million and hosts all its content in-house on its own infrastructure, built by some of the brightest minds in the world, and yet its network was successfully hacked on multiple occasions.

The breach was found to originate from China-based IP addresses, where hackers were able to hijack the accounts of “privileged JPL users” to gain “full access to key JPL systems,” Inspector General Paul K. Martin wrote in a report to Congress.

NASA will continue to investigate this breach, in which the hackers had “full functional control over these networks” that allowed them to change any sensitive files and user accounts for JPL systems, as well as modify system logs to cover up these activities, Martin writes.

The report also revealed other breaches that occurred in 2010 and 2011 with a total of 5,408 computer security incidents that saw the installation of malware and the theft of export-controlled and otherwise sensitive data.

NASA estimates the breaches cost the agency more than $7 million, and that some of the attacks “may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” Martin writes.

In March 2011, the agency saw the theft of an unencrypted NASA notebook computer that contained space station codes. In one of the more successful attacks, criminals stole user passwords for more than 150 NASA employees that could have potentially been used to access NASA systems.

Martin also mentions in the report that the loss of some of NASA systems’ key data could lead to significant financial loss, greatly affect national security, or hurt the country’s competitive technological edge.

But even worse, it “could choose to cause significant disruption to NASA operations, as IT networks are central to all aspects of NASA’s operations.”

The security incidents also make a valid argument for hosting providers to know what kind of content their customers intend to host so they can properly prepare for any potential attacks.

The websites of government agencies, as well as many others, are obvious targets for online attacks and their security measures should be treated accordingly.

Last month, Media Temple ordered public relations firm Fleishman-Hilliard to move its servers to another hosting firm after its FTC websites were hacked for the second time in less than a month.

But Media Temple said that it was unaware that Fleishman-Hilliard was intending to use its servers to host government accounts and, had it known, it would have advised them against it since the company is not a FISMA-certified hosting service.

Talk Back: Do you think hosting providers have the right to know what kind of content is being hosted on their servers if it means that their customers will have stronger security controls in place? Post your comments in the section below.


2 Comments

  1. Carbonsi

    This is really shocking to know that none of the hosting service providers can ensure a hack-free environment. Developers should give more importance to providing security to the data.

  2. If you are going to host sensitive content, I believe the hoster should be informed in advance. That doesn't mean the standard shared hosting is not secure but isolation is always better since there is a possibility of other accounts getting breached that could lead to different security holes.
