Hackers seized control of networks at NASA’s Jet Propulsion Laboratory last November, gaining the ability to install malware, delete or steal sensitive data, and hijack the accounts of users in order to gain their privileged access, according to a report from the National Aeronautics and Space Administration’s inspector general.
The breach, originating from China-based IP addresses, allowed the intruders to compromise the accounts “of the most privileged JPL users,” giving them “full access to key JPL systems,” according to Inspector General Paul K. Martin in a report to Congress.
The investigation of the breach is ongoing, but Martin says the intruders had the ability to modify sensitive files; modify or delete user accounts for mission-critical JPL systems; and alter system logs to conceal their actions.
“In other words, the attackers had full functional control over these networks,” Martin writes.
But this wasn’t the only breach NASA experienced. In 2010 and 2011, the agency had 5,408 computer security incidents that resulted in the installation of malicious software and the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million. Some of the breaches “may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” Martin writes.
One March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of algorithms used to command and control the International Space Station. In one of the most successful attacks, Martin notes, intruders stole user credentials for more than 150 NASA employees, which could have been used to gain unauthorized access to NASA systems.
NASA operates more than 550 information systems that control spacecraft, collect and process scientific data, and enable NASA personnel to collaborate with colleagues around the world. The agency spends about $58 million annually on IT security.
“Some NASA systems house sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security, or significantly impair our Nation’s competitive technological advantage,” Martin writes.
But even more troubling, he said, skilled attackers “could choose to cause significant disruption to NASA operations, as IT networks are central to all aspects of NASA’s operations.”