A testimony delivered to the US House Committee on Science, Space, and Technology yesterday revealed that in March 2011 an unencrypted NASA notebook computer was stolen, resulting in “the loss of the algorithms used to command and control the International Space Station”.
The theft, documented in a report by NASA Inspector General Paul K. Martin, was one of several thousand breaches in IT security over the last two years.
He notes that between April 2009 and April 2011, 48 devices were declared as lost or stolen within the agency, including the laptop containing the ISS data, which was reported in March 2011. Martin added: “Other lost or stolen notebooks contained Social Security numbers and sensitive data on NASA’s Constellation and Orion programs.”
Other sensitive data was also leaked due to a lack of standardised IT security controls. Excess shuttle IT equipment, including computers and hard drives, have to be put through ‘sanitization testing’ before they can be sold or be prepared for sale to the public. The report notes that one NASA centre released 10 computers that failed testing and may have contained sensitive information; while another four were confiscated by auditors as they were being prepared for sale.
Between 2010 and 2011, NASA reported 5,408 instances where unauthorised access was granted to sensitive computers or where malware was installed.
“These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” Martin said.
NASA said that such attacks affected thousands of computers and estimates the cost of damage to be around $7 million (£4.4m). While Martin reports that the agency is a “target rich” environment for attacks, he also mentions that it is the only one in the US government to regularly conduct intrusion investigations. NASA currently spends $1.5 billion (£940m) on IT annually, with $58 million (£36m) going towards security.
Due to NASA’s status as a “target rich” environment, it has become the focus of Advanced Persistent Threats (APTs). The report states that in the 2011 financial year, the agency was the victim of 47 APTs, of which 13 successfully gained access, stole data, modified sensitive information and/or uploaded hacking tools.
Among the attackers, various Chinese IP addresses were identified and, last November, six Estonians and a Russian were indicted as part of an FBI investigation concerning an international fraud scheme in which 135 NASA systems were affected.
How well do you know Internet security? Try our quiz and find out!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…