Chinese hackers took over NASA's Jet Propulsion Lab

[Hum]

Chinese hackers gained control over NASA?s Jet Propulsion Laboratory (JPL) in November, which could have allowed them delete sensitive files, add user accounts to mission-critical systems, upload hacking tools, and more -- all at a central repository of U.S. space technology, according to a report released Wednesday afternoon by the Office of the Inspector General.

That report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses.

Paul K. Martin, NASA's inspector general, put his conclusions bluntly.

"The attackers had full functional control over these networks," he wrote.

Martin released written testimony about the attacks in the report "NASA Cybersecurity: An Examination of the Agency?s Information Security," presented to the House Science, Space and Technology Committee investigations panel on Wednesday. It details a host of security lapses and breaches of protocol at the space agency.

"In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems," his report states. "These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit."

more

[+chorpeac MVC]

Wow... really? No data encryption on the laptop? This is sad...

[ANON86364]

How many times does the government need to be exposed for it's incompetence before they do something about it...

[Open Minded]

Why are these computers/networks connected to the friggin Internet?

[Hum]

Why are these computers/networks connected to the friggin Internet?

So NASA workers can instant message each other. :laugh:

[ANON86364]

They can use an internal instant messaging server for that.

inb4 it was only a joke

[cropcircles]

Chinese hackers, you mean the Chinese government.

[Pink Floyd Veteran]

lol! I work for a chem producer and all our laptops are encrypted and we have a card to boot our laptop and enter passwords. No card, no booting. The funny thing is that We often say we have too many protections, as we do not work for the us gov hahah

[BajiRav]

Why are these computers/networks connected to the friggin Internet?

That was my first reaction too. :huh:

[+Nik Louch Subscriber²]

Chinese hackers, you mean the Chinese government.

No proof of that yet.

Why are these computers/networks connected to the friggin Internet?

Many systems are for many reasons, though primarily data exchange. The research is probably distributed. However, that is moot, because you can be connected and yet still secure as needs be.

[efjay]

Working in security, I can tell you the users are always put first and measures that would make systems more secure are sometimes sidelined because some big wig doesnt want to upset the users. Till that changes this stuff will happen more frequently.

[Travelar]

Wow... really? No data encryption on the laptop? This is sad...

Unfortunately, there was a memo issued in 2007 from the NASA CIO prohibiting the use of full-disk encryption until an Agency-wide solution could be procured and the infrastructure implemented. It hasn't happened yet... and the memo is still in effect.

http://www.nasa.gov/pdf/322748main_11_15_07-Data-at-Rest-Freeze.pdf

[DocM]

No proof of that yet.

Yet being the key word, and suspected - or at least some faction of it.

Remember: the Chinese space program is not civilian but is run by the People?s Liberation Army. If this is simply logistical control for a mainly civilian purpose, or fully operational control is still a matter of debate. Their internal statements are contradictory.

[+chorpeac MVC]

Unfortunately, there was a memo issued in 2007 from the NASA CIO prohibiting the use of full-disk encryption until an Agency-wide solution could be procured and the infrastructure implemented. It hasn't happened yet... and the memo is still in effect.

http://www.nasa.gov/...Rest-Freeze.pdf

Wow... :wacko:

[Arachno 1D]

So did they find any proof of aliens :rolleyes: :D

[Intersect]

lol! I work for a chem producer and all our laptops are encrypted and we have a card to boot our laptop and enter passwords. No card, no booting. The funny thing is that We often say we have too many protections, as we do not work for the us gov hahah

i take its some type of pcmcia /express card that needs to be present for the laptops to boot, are you able to share more info about it

such as who makes it? sounds intresting.

[DocM]

So did they find any proof of aliens :rolleyes: :D

Just last December investigators tracked cyberattacks on 760 companies, US agencies & major contractors (including Lockheed Martin), organizations and research labs back to China. An attack by China on NASA would be no more surprising than a hooker dropping her drawers.

[jimbo11883]

i take its some type of pcmcia /express card that needs to be present for the laptops to boot, are you able to share more info about it

such as who makes it? sounds intresting.

Most likely a smart card, which can be as small as a phone SIM card or as big as a credit card. With a laptop, it's most likely the credit card variety.

[pixelpixel]

Yet Gary McKinnon was traced and found. Surely the same can be done for others ? or is a cover up for a UFO more important to NASA than the Chinise playing with the toys. Maybe War Games was right.

[Wolfbane]

Yet Gary McKinnon was traced and found. Surely the same can be done for others ? or is a cover up for a UFO more important to NASA than the Chinise playing with the toys. Maybe War Games was right.

Did you read the article?

"In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems,"

It would take a lot of time and money to catch every person who broke into their systems - a lot of time and money that NASA don't have to just throw away.

[DocM]

This has risen to a full blown national security issue because NASA has a lot of ITAR (export controlled) data - rocket, satellite etc. designs. Not to mention the intrusions into military and NASA contractors, infrastructure etc. Some intrusions are not Chinese, but the worst ones are and are from suspected military servers. Not good.

[neoadorable]

Doc, please file this under "stuff neoadorable doesn't want to know" and lets all pretend it never happened. Thank you.

[DocM]

Sorry, but now you know part of why the US hasn't been too friendly to their ISS participation. The ESA made another ovature last week, but with this....

[neoadorable]

How do we know this was sanctioned by a government agency? And is it right to punish the scientists and engineers of their space program? Those guys are in it for the species just like the people in NASA. This is something for the two governments to sort out and make sure doesn't happen again. Gentle industrial espionage is par for the course and acceptable, we also do it. Brute intrusions and disruptions are not acceptable. But this should not stop cooperation, we need China in space, they have a lot to contribute.

[DocM]

How do we know this was sanctioned by a government agency? And is it right to punish the scientists and engineers of their space program? Those guys are in it for the species just like the people in NASA.

NASA is a civilian agency. China's space program is run by the Peoples Liberation Army. So far it looks like it was their servers.

This is something for the two governments to sort out and make sure doesn't happen again. Gentle industrial espionage is par for the course and acceptable, we also do it.

There were major national security secrets stolen - the kind that get you executed if done in person:. This goes beyond a little spying between friends; major systems of the F-22 fighter, military satellites, missile tech etc.

Brute intrusions and disruptions are not acceptable. But this should not stop cooperation, we need China in space, they have a lot to contribute.

Reagan said "Trust, but verify." we have not reached that point with the PLA yet, especially given their recent massive increases in the military procurement of offensive weapons. Enough so that Japan, S. Korea, the SE Asian countries and even India are taking major notice. Our radar turned on when they blinded a US military satellite with a laser a few years ago.

Proving this level of spending an innocent modernization is up to them now.