Chinese hackers gained control over NASA’s Jet Propulsion Laboratory (JPL) in November, which could have allowed them delete sensitive files, add user accounts to mission-critical systems, upload hacking tools, and more -- all at a central repository of U.S. space technology, according to a report released Wednesday afternoon by the Office of the Inspector General.
That report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses.
Paul K. Martin, NASA's inspector general, put his conclusions bluntly.
"The attackers had full functional control over these networks," he wrote.
Martin released written testimony about the attacks in the report "NASA Cybersecurity: An Examination of the Agency’s Information Security," presented to the House Science, Space and Technology Committee investigations panel on Wednesday. It details a host of security lapses and breaches of protocol at the space agency.
"In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems," his report states. "These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit."