back to article NASA lost 'full control' to hackers, pwned 13 times last year

Cybercrooks broke into NASA's computer systems 13 times last year gaining "full functional control" of important systems in the worse cases, according to the testimony before the US Congress by the space agency's inspector general. Paul Martin told a Congressional panel on information security at the space agency that NASA …

COMMENTS

This topic is closed for new posts.
  1. nexsphil

    Aliens!

    So - did anyone get any juicy alien info or what?

  2. Anonymous Coward
    Anonymous Coward

    $58M and still getting pwned every hour on the hour. They're doing it wrong.

    1. Tom 13

      I seriously doubt anyone

      can secure their network with less than 0.5% of the total IT budget, and that's before you get to the downstream prima donna note.

  3. TRT
    Alien

    And on the same day...

    we hear of a spectacular "shooting star" over the United Kingdom. Coincidence?

  4. Anonymous Coward
    Anonymous Coward

    ever try to manage a network full of primadonas?

    They have the clout to make your IT policies Swiss cheese.

    1. perlcat
      Paris Hilton

      Re: ever try to manage a network full of primadonas?

      Yes, I have, and yes, you are 100% correct in why they get broken into all the time.

  5. Anonymous Coward
    Anonymous Coward

    Off to prison they go

    At least this gives authorities practice in prosecuting hackers.

    1. amanfromMars 1 Silver badge

      Re: Off to prison they go

      And an opportunity to practice crack hacking with crack hacking providing the prosecution evidence of prosecutable malfeasance. Win Win Double Whammy. Thank You, Ma'am.

  6. Decius
    WTF?

    Why do mission-critical systems have Internet access?

    1. tom dial Silver badge
      FAIL

      Why do mission-critical systems have Internet access?

      Because the NASA (non-IT) managers are soft in the head. They can't make a clear distinction between the material that can be publicly available and on public-facing servers and material (hopefully not a large amount) that cannot, and must be airgapped. The amount of money the US taxpayers spends on NASA operations certainly is enough to provide a real, not virtual, private network for access to that information which, for one or another reason, should not be made available to the public.

    2. h 2
      Joke

      How else will Windows do it's updates

    3. AdrianG

      Internet access

      Actually in NASA as well as ESA, all mission critical systems do not have Internet access. THey separate the networks into and Office network, admin, internet etc and operational network, which runs hte missions and satellites. The OPS network is a private network, that doesn't have internet access. To hack this network, you'd need to physically compromise it

      1. Tom 13

        @AdrianG: We agree that's they way it OUGHT to be configured,

        but according to the IG report, it isn't.

  7. Anonymous Coward
    Anonymous Coward

    Just wait when they caught one...

    Then they'll sue and all damages will be fully paid for, may even finance setting up a new security system.

    I seriously wonder how much NASA cares. I mean; the last hack from England where some kid was only trying to get data on "aliens". He was also perfectly willing to share his findings and actually help the guys out to straighten things out.

    Although I didn't keep up with every detail, but last I heard there was no interest apart from extraditing him to the US to stand trial and be locked up for quite a few years. Major fail right there IMO; instead of going for damages and money (which IMO is disputable in this case) they also could have gone after his insight knowledge on security.

    Yet I think the big money is what keeps looming over the horizon in events like these.

    1. Matt Bryant Silver badge
      Big Brother

      Re: Just wait when they caught one...

      Well, maybe the hackers should be worried, it looks like Sabu's new tag is "WillGrassOnU"!

      http://www.bbc.co.uk/news/technology-17270822

      Lulzsec down! Lulz!

  8. Tom 38
    Joke

    Pah

    I lost "full functional control of important systems" at the weekend, but I'm not trying to extradite the barman.

  9. Warren Sealey
    Coat

    All your bases are belong to us?

    Mines the one with the keys to the space station in the pocket...

  10. Anonymous Coward
    FAIL

    HA!

    Whoever is the CIO or Director of IT at NASA, needs to be fired. The problem comes from the top. You cannot fail so badly with a budget of $58 million just for cyber security.

    1. perlcat
      Big Brother

      Re: HA!

      We had exactly such a problem here one time. One of the poohbahs wanted his mobe to work on the company network, and had the tech show him how to get around safeguards. When the poohbah was asked how he got into the system, he said "Joe told me how. He just volunteered the information." Guess who got canned, and who got a slap on the wrist for not being aware of policy, an innocent mistake?

      He should have done his Sgt Schultz impersonation and got out.

  11. Me :D
    Facepalm

    Coincidence??? I think not......

    So china has new heavy lift capability (http://www.theregister.co.uk/2012/03/05/china_rocket_deep_space/) and "In the most serious of these incidents, hackers gained control of systems at NASA's Jet Propulsion Laboratory. The attack was traced back to IP addresses in China". Coincidence?? I wonder...... ;)

  12. heyrick Silver badge

    " with an estimated cost to NASA of more than $7m "

    Americans, always trying to put a dollar symbol to wrongdoing.

    Here, I'll fix it for you and you can split the $7m fifty-fifty. There are important systems, and there are PCs that losers use to tweet status updates. The two should never be joined. Not ever. Not even on the same power feed. And those important systems? They should be an their own independent network, totally abstract from "the internet" and not accessible from such.

    Any IT bod that thinks otherwise ought to be publicly castrated and then roasted alive by being strapped to the funnel of the next scheduled rocket launch...

    1. Wayland Sothcott 1

      Re: " with an estimated cost to NASA of more than $7m "

      Not only should these systems be isolated from the Internet, they probably are. You understand this but the general public were worried by Y2K because they thought everything was a computer with a date problem.

      However these stories are coming out in order to create someone to blame for a big problem that they are brewing.

  13. Anonymous Coward
    Anonymous Coward

    You mean

    that online game of Moon-Lander was...

  14. Nuno trancoso
    Pint

    As usual...

    Will only ever change if and when the media starts pumping titles like "XYZ security compromised. AGAIN. IT department says it's powerless cause higher ranked idiots won't let them do their jobs".

    100:1 the media outlets won't ever have the dangling ones to pull this off, ie, shoveling blame where it's due.

    Beer: Every time your old taskmaster for whom your policies where "right up there with the nazis" calls in and sheepishly begs for help after getting "pwned" again. He's gonna pay for it so might as well down it... Maybe more than one as there will surely be LOTS of "overtime".

  15. Just a geek
    Meh

    How much actually went on Cyber Security?

    I'll bet that most of that $58mil went on glossy reports and powerpoint slides highlighting to non-IT Managers just how much certain software and hardware was required only for those same managers to comission another study.

  16. Wayland Sothcott 1
    Pirate

    So why bring this up now?

    Any computer gets viruses, spies and zombies. I can't see where they made the space station do barrel rolls. This is setting up plausible deniability for when the 'terrorists' finally crash a rocket onto a city and we all need a license to own a computer.

  17. RainForestGuppy
    FAIL

    C'mon guys stopping malware on endpoints, that's the most basic security. It's not rocket science!!

  18. Field Marshal Von Krakenfart
    FAIL

    Poorly implemented security policies mean that these attacks were often successful. In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorised access to its systems, Martin testified (PDF) before the US House Committee on Science, Space and Technology last Wednesday.

    5,408 computer security incidents between 2010 and 2011, And Gary McKinnon is the only one they've managed to catch? Looks like NASA (Not Actually Secure Architecture) is a bit of a soft hack.

    1. Matt Bryant Silver badge
      Happy

      RE: Field Marshal Von Krakenfart

      Maybe they're just waiting for Sabu to roll over on the NASA haxkers!

This topic is closed for new posts.

Other stories you might like