NASA fails to learn from UFO hacker
The Daily Mail quotes Martin as recently stating that NASA is “vulnerable to computer incidents that could have a severe to catastrophic effect on agency assets, operations, and personnel.” Martin identifies the specific serious vulnerabilities: “Six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable.”
These IT security issues aren’t anything new for NASA, as multiple hackers have successfully penetrated the agency’s network in the past. Briton Gary McKinnon successfully hacked into several NASA and U.S. military computers during 2001 and 2002, in search of information relating to UFOs. McKinnon’s work has been called the “biggest military computer hack of all time,” and he is currently fighting extradition to the U.S.
Despite McKinnon’s hacks bringing network vulnerabilities to NASA’s attention, not enough was done to prevent hackers from penetrating their network. The Daily Mail points out that NASA computers were hacked twice in 2009:
“In May 2009, hackers caused a mission system to ‘make over 3,000 unauthorized connections’ to IP addresses in China, Holland, Saudi Arabia and Estonia. In addition, cyber-criminals stole 22GB of restricted data from a Jet Propulsion Laboratory computer system in January 2009.”
The network penetrations by McKinnon and other hackers seem not to have been important enough to NASA to merit improved network security. Further, the recent statements made by Paul Martin seem to be an invitation to computer hackers. The statements basically say, “Here’s where you can hack us, how you can do it, and what you will have access to.”
Martin and his department conduct independent audits on NASA programs to “promote economy, efficiency and effectiveness.” He has reportedly told NASA to perform an agency-wide IT security risk assessment and fix the vulnerabilities immediately. While responses to previous hacks have apparently been ineffective, the public comments by Martin are likely to motivate the agency to reexamine its network’s security.