NASA Hacked, Was It China Again?

China takes the spotlight again as news surfaced of hackers taking control of networks at NASA’s Jet Propulsion Laboratory last November. The hackers were able to install malware, delete or steal sensitive data, and hijack the accounts of users in order to gain their privileged access.

A report addressed to Congress by Paul K. Martin, inspector general of the National Aeronautics and Space Administration, cited the following challenges facing the agency as the reasons it was hacked:

  • Lack of full awareness of Agency-wide IT security posture
  • Shortcomings in implementing a continuous monitoring approach to IT security
  • Slow pace of encryption for NASA laptop computers and other mobile devices
  • Ability to combat sophisticated cyber attacks; and
  • Transition to cloud computing.

NASA’s systems warehouse sensitive information that, if stolen or lost, could result in significant financial loss, adversely affect national security or impair the Nation’s competitive technology advancement. What the inspector general finds more troubling is that hackers could use this to cause “significant disruption” to the agency’s operations.

Martin goes on to report that “In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems.  These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives.

“Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million.  To put these findings in context, however, NASA OIG is the only Office of Inspector General that regularly conducts international network intrusion cases, and this fact could skew perceptions with regard to NASA’s relative rate of significant intrusion events compared to other agencies.”

The inspector general added that the agency was the victim of 47 APT attacks, 13 of which successfully compromised Agency computers.

“In one of the successful attacks, intruders stole user credentials for more than 150 NASA employees – credentials that could have been used to gain unauthorized access to NASA systems,” Martin wrote.

“Our ongoing investigation of another such attack at JPL involving Chinese-based Internet protocol (IP) addresses has confirmed that the intruders gained full access to key JPL systems and sensitive user accounts.  With full system access the intruders could:  (1) modify, copy, or delete sensitive files; (2) add, modify, or delete user accounts for mission-critical JPL systems; (3) upload hacking tools to steal user credentials and compromise other NASA systems; and (4) modify system logs to conceal their actions.  In other words, the attackers had full functional control over these networks.”

China has yet to respond to these new allegations.

China has been blamed for numerous other hacking incidents, if you still remember: the attack on the US Chamber of Commerce, the US satellite hacking and some attacks on various governments. An additional area of concern is mobile, with China-based cybercriminals named by Kaspersky Lab as among the most prolific on Android OS.