Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


HACKERS PENETRATED NASA COMPUTERS 13 TIMES LAST YEAR

Source: USA Today

Posted on March 12, 2012

Hackers penetrated NASA's computers 13 times last year, including one China-based breach that gained total access to and control of crucial systems and employee accounts at the Jet Propulsion Laboratory, the space agency's inspector general told Congress this week.

Another security failure occurred in March 2011, when an unencrypted NASA notebook computer was stolen. It contained algorithms to command and control the International Space Station. NASA said, however, the station was never in any jeopardy.

All told, NASA reported more than 5,400 incidents of malicious software or unauthorized access of its computers between Oct. 1, 2010, and Sept. 30, 2011, NASA Inspector General Paul Martin said in his written testimony delivered Wednesday to a hearing of the House Science, Space and Technology Committee investigations subcommittee. The agency suffered 47 attacks by "advanced persistent threats" - groups or individuals repeatedly attacking a computer or system, theNational Journal reported.

Only 1% of NASA's portable devices are encrypted, and 48 were stolen between April 2009 and April 2011, Martin stated.

In the November attack on the Jet Propulsion Laboratory, in Pasadena, Calif., the intruders "gained full access to key JPL systems and sensitive user accounts." Hackers traced to China-based Internet Protocol addresses stole personal credentials for 150 employees.

"The attackers had full functional control over these networks," the IG's report stated, adding that they would have been able to "modify, copy or delete sensitive files" or "upload hacking tools to steal user credentials and compromise other NASA systems," the BBC notes.

"These incidents spanned a wide continuum, from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives," Martin said. "Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million."

He said hacking suspects have been arrested in China, Estonia, Great Britain, Italy, Nigeria, Portugal, Romania and Turkey.

NASA said in a statement the agency had "made significant progress to protect the agency's IT systems."

NASA's computer-security problems are not new, as FierceGovernmentIT reports. In five years the NASA inspector general has conducted 21 audits and made 69 IT-related recommendations.

In September, the IG reported that a cybersecurity audit for fiscal 2009 found that "security control assessments and contingency plan testing went undone and that the NASA chief information officer was unaware of the cybersecurity hole," FGIT wrote at the time.

In December, Martin delivered an audit (pdf) that said NASA faces "significant challenges" in "transitioning to a continuous monitoring approach" for its systems.

In a subcommittee news release the chairman, Rep. Paul Broun, R-Ga., noted that many of NASA's technologies also can be used for military purposes and cautioned that without "persistent vigilance," NASA risks becoming an unlocked 'back door'" that threatens national security.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.