NASA computer servers vulnerable to attack: audit

Mar 28, 2011
A man works on a computer at NASA's Jet Propulsion Laboratory (JPL) in Pasadena, California 2003. NASA's inspector general warned Monday that computer servers used by the US space agency to control spacecraft were vulnerable to cyber attack through the Internet.

NASA's inspector general warned Monday that computer servers used by the US space agency to control spacecraft were vulnerable to cyber attack through the Internet.

"We found that computer servers on NASA's agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet," inspector general Paul Martin said in an audit of NASA's network security.

"Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable," the report said.

It said a cyber attacker who managed to penetrate the network could use compromised computers to exploit other weaknesses and "severely degrade or cripple NASA's operations."

The inspector general's audit of NASA's computer security found "network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers.

"These data are sensitive and provide attackers additional ways to gain unauthorized access to NASA networks," the report said.

The inspector general warned that "until NASA addresses these critical deficiencies and improves its IT security practices, the agency is vulnerable to computer incidents that could have a severe to catastrophic effect on agency assets, operations, and personnel."

The inspector general performed the audit after NASA experienced a number of cyber intrusions that the report said resulted in the "theft of export-controlled and other from its mission computer networks."

The inspector general cited a May 2009 incident in which infected a computer system that supports one of NASA's mission networks.

"Due to the inadequate security configurations on the system, the infection caused the computer system to make over 3,000 unauthorized connections to domestic and international Internet Protocol (IP) addresses including addresses in China, the Netherlands, Saudi Arabia, and Estonia," the report said.

It said that in January 2009, cybercriminals stole 22 gigabytes of export-restricted data from a Jet Propulsion Laboratory computer system.

The inspector general recommended that NASA immediately act to mitigate risks on Internet-accessible computers on its mission networks and carry out an agency-wide IT security risk assessment.

Explore further: Twitter rules out Turkey office amid tax row

add to favorites email to friend print save as pdf

Related Stories

Audit: Air traffic systems vulnerable to attack

May 06, 2009

(AP) -- The nation's air traffic control systems are vulnerable to cyber attacks, and support systems have been breached in recent months allowing hackers access to personnel records and network servers, according to a new ...

Hackers breach US air traffic control computers

May 08, 2009

Hackers broke into US air traffic control computers on several occasions over the past few years and increased reliance on Web applications and commercial software has made networks more vulnerable, according ...

Cyber criminals cloak their tracks

Feb 13, 2008

The 2007 X-Force Security report from IBM finds a disturbing rise in the sophistication of attacks by criminals on Web browsers worldwide. According to IBM, by attacking the browsers of computer users, cyber criminals are ...

NASA's beleaguered watchdog steps aside

Apr 03, 2009

(AP) -- Two weeks after three senators called for his ouster, the beleaguered NASA inspector general who came under fire from two watchdog agencies gave notice.

Recommended for you

Twitter rules out Turkey office amid tax row

11 hours ago

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

14 hours ago

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 0

More news stories

Microsoft CEO is driving data-culture mindset

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Simplicity is key to co-operative robots

A way of making hundreds—or even thousands—of tiny robots cluster to carry out tasks without using any memory or processing power has been developed by engineers at the University of Sheffield, UK.

IBM posts lower 1Q earnings amid hardware slump

IBM's first-quarter earnings fell and revenue came in below Wall Street's expectations amid an ongoing decline in its hardware business, one that was exasperated by weaker demand in China and emerging markets.