Southern California breaking news and trends

Security black hole? NASA hacked, laptop with Space Station codes disappears

Mars rover Curiosity

NASA/Paul E. Alers

A model of the Curiosity, NASA's most advanced mobile robotic laboratory, which will examine one of the most intriguing areas on Mars, is seen prior to a news briefing, Thursday, Nov. 10, 2011, at NASA Headquarters in Washington D.C.

In space, no one can hear you hack. 

NASA issued a report this week detailing startling breaches that suggest a universe of trouble in the agency's security department. 

Last year, NASA's Pasadena-based Jet Propulsion Laboratory was attacked by hackers with an IP addresses originating from China. Intruders had full control of the networks, the report revealed, accessing NASA employee credentials, and opening sensitive files with the ability to alter, copy and delete. 

The report went on to disclose that NASA was the target of 47 such cyberattacks -- sophisticated, well organized, and well funded -- in 2011. But this is just the tip of the meteoroid. 

In total, the space agency suffered 5,408 information security incidents "that resulted in the installation of malicious software on or unauthorized access to its systems" over the course of two years, CNN reports.

During that time nearly 50 high-tech mobile devices were also lost or stolen. One notable item to disappear was an unencrypted laptop containing the command and control code algorithms used to operate the International Space Station (ISS).

In the report, named “NASA Cybersecurity: An Examination of the Agency’s Information Security,” the agency’s inspector general, Paul Martin writes that intrusions "affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million."

Martin testified in front of Congress on Wednesday speaking of NASA's inability to monitor lost mobile devices as an issue of national security, noting that until the agency implements a comprehensive encryption solution, highly sensitive information will remain vulnerable.

blog comments powered by Disqus