NASA and cybersecurity: Ground control to Major Tom?
Latest claimed attack by Iranian students piles on to 47 attacks in fiscal year 2011, with 13 compromising the agency's computers
By Antone Gonsalves
May 23, 2012 — CSO — Iranian students claim to have penetrated a NASA website and stolen the personal information of thousands of NASA researchers. While NASA has not confirmed the hack, the agency has been struggling for sometime with cybersecurity.
The Iranian group calling itself the "Cyber Warriors Team" bragged about their feat in a May 16 post on Pastebin. NASA is reportedly investigating and did not answer a request for comment Wednesday.
Writing in broken English, the group, which described itself as students "organized and formed of programmers and hackers," said it hacked the secure sockets layer of the NASA site to obtain the public key certificates needed to gain access to the researchers' personal data.
The alleged compromised site is called the Solicitation and Proposal Integrated Review and Evaluation System.
In deciphering the group's Pastebin post, Kaspersky Lab said in its security blog that the students claimed to have created an HTTPS protocol scanner to find the vulnerability.
Also called a packet analyzer, the scanner intercepts and logs traffic over a digital network. By decoding the intercepted data, the hackers were apparently able to locate the certificates.
Kurt Baumgartner, senior security researcher at Kaspersky, said without proof or confirmation from NASA, the Iranians' claims are suspect. "At this point, the related Pastebin post maintains crazy talk and nothing of substance, unless NASA confirms otherwise," he told CSO on Wednesday.
Earlier this month, NASA, which stands for the National Aeronautics and Space Administration, and the European Space Agency confirmed a group calling itself "The Unknowns" had hacked sites of both agencies. No information was stolen. Instead, the group passed along details of the vulnerabilities, so they could be fixed.
In a report to Congress in February (PDF document), NASA Inspector General Paul K. Martin said the agency has increasingly become a target of sophisticated attacks bent on stealing or changing information from computer systems and networks. During fiscal year 2011, NASA was the target of 47 such attacks, with 13 successfully compromising the agency's computers.
Martin's recommendations included maintaining an up-to-date list of IT components connected to NASA's network, define security configuration baselines for each component and use best practices for vulnerability management on all its IT systems. Martin also pointed out that NASA has been slow to implement full-disk encryption of data on its employees' laptops and other mobile computing devices.
NASA's security headaches are expected to increase as it turns to cloud computing to deliver software services over the web. "The need to effectively secure agency data stored in the cloud has emerged as the major challenge to federal agencies reaping the substantial benefits cloud computing offers," Martin said.
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.