![]() The inspector general cited a May 2009 incident in which cyber criminals infected a computer system that supports one of NASA's mission networks. The inspector general performed the audit after NASA experienced a number of cyber intrusions that the report said resulted in the "theft of export-controlled and other sensitive data from its mission computer networks." The inspector general warned that "until NASA addresses these critical deficiencies and improves its IT security practices, the agency is vulnerable to computer incidents that could have a severe to catastrophic effect on agency assets, operations, and personnel." "These data are sensitive and provide attackers additional ways to gain unauthorized access to NASA networks," the report said. The inspector general's audit of NASA's computer security found "network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers. It said a cyber attacker who managed to penetrate the network could use compromised computers to exploit other weaknesses and "severely degrade or cripple NASA's operations." "Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable," the report said. Martin said software vulnerabilities in NASA computers are often left unpatched, a problem stemming from an IT chain of command in which the chief information officer "has limited ability" to fully implement mandated IT security programs across the agency."We found that computer servers on NASA's agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet," NASA inspector general Paul Martin said in an audit of NASA's network security. "Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft," he said. 1, only 1 percent of NASA portable devices and laptops had been encrypted. Martin's testimony highlights the difficulties NASA information technology officials face in securing the agency's laptops and mobile devices. Overall, Martin said computer intrusions "have affected thousands of NASA computers, caused significant disruptions to mission operations and resulted in the theft of export-controlled and otherwise sensitive data." "This series of intrusions resulted in losses of over $500,000," Martin said. ![]() Last month, Butkya was indicted by a federal grand jury on allegations that he broke into 25 computers that were part of NASA's Atmospheric Infrared Sounder Program. One example of a "skill-testing" hack was the attack perpetrated by " TinKode," a 20-year-old Romanian hacker (real name Razvan Manole Cernainu), who tapped into a computer server at NASA's Goddard Space Flight Center in April 2011.Īnother case involves a 25-year-old Romanian national (Robert Butkya, a.k.a. He said the November 2011 incident was still under investigation. "In other words, the attackers had full functional control over these networks," Martin said. Modify system logs to cover their tracks. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |