According to a US Government paper, NASA said hackers stole employee credentials and gained access to mission-critical projects last year in 13 major network breaches that could compromise U.S. national security.
National Aeronautics and Space Administration Inspector General Paul Martin testified before Congress this week on the breaches, which appear to be among the more significant in a string of security problems for federal agencies.
The space agency discovered in November that hackers working through an Internet Protocol address in China broke into the -network of NASA's Jet Propulsion Laboratory, Martin said in testimony released on Wednesday.
One of NASA's key labs, JPL manages 23 spacecraft conducting active space missions, including missions to Jupiter, Mars and Saturn.
The hackers gained full system access, which allowed them to modify, copy, or delete sensitive files, create new user accounts and upload hacking tools to steal user credentials and compromise other NASA systems. They were also able to modify system logs to conceal their actions.
"Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL's networks," he said.
In another attack last year, intruders stole credentials for accessing NASA systems from more than 150 employees. Martin said the his office identified thousands of computer security lapses at the agency in 2010 and 2011.
He also said NASA has moved too slowly to encrypt or scramble the data on its laptop computers to protect information from falling into the wrong hands.
Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station, as well as sensitive data on NASA's Constellation and Orion programs, Martin said.
A NASA spokesman told Reuters on Friday the agency was implementing recommendations made by the Inspector General's Office.
"NASA takes the issue of IT security very seriously, and at no point in time have operations of the International Space Station been in jeopardy due to a data breach," said NASA spokesman Michael Cabbagehe.
National Aeronautics and Space Administration Inspector General Paul Martin testified before Congress this week on the breaches, which appear to be among the more significant in a string of security problems for federal agencies.
The space agency discovered in November that hackers working through an Internet Protocol address in China broke into the -network of NASA's Jet Propulsion Laboratory, Martin said in testimony released on Wednesday.
One of NASA's key labs, JPL manages 23 spacecraft conducting active space missions, including missions to Jupiter, Mars and Saturn.
The hackers gained full system access, which allowed them to modify, copy, or delete sensitive files, create new user accounts and upload hacking tools to steal user credentials and compromise other NASA systems. They were also able to modify system logs to conceal their actions.
"Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL's networks," he said.
In another attack last year, intruders stole credentials for accessing NASA systems from more than 150 employees. Martin said the his office identified thousands of computer security lapses at the agency in 2010 and 2011.
He also said NASA has moved too slowly to encrypt or scramble the data on its laptop computers to protect information from falling into the wrong hands.
Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station, as well as sensitive data on NASA's Constellation and Orion programs, Martin said.
A NASA spokesman told Reuters on Friday the agency was implementing recommendations made by the Inspector General's Office.
"NASA takes the issue of IT security very seriously, and at no point in time have operations of the International Space Station been in jeopardy due to a data breach," said NASA spokesman Michael Cabbagehe.
No comments:
Post a Comment