The National Aeronautics and Space Administration was under heavy attack over the past two years, as adversaries tried to infect machines with malware or use advanced persistent threats to get into the network, according to Congressional testimony.
Attackers from a Chinese-based IP address had breached the network at NASA's Jet Propulsion Laboratory and gained full access to the networks and sensitive user accounts, NASA Inspector General Paul Martin told the House Science, Space and Technology committee Feb. 29. NASA made the discovery in November, and the JPL incident is still under investigation, according to Martin.
There have been a total of 5,408 security incidents in 2010 and 2011 that resulted in either malware being installed on NASA systems or attackers gaining unauthorized access to the agency's systems, Martin said. There were 47 APT incidents in fiscal year 2011, of which 13 had succeeded. In one attack, perpetrators stole user credentials for more than 150 employees, according to Martin.
"These incidents ranged from individuals testing their hacking skills, to well-organized criminal enterprises seeking to exploit NASA systems for profit, to intrusions that may have been sponsored by foreign intelligence services," Martin said.
The attacks affected "thousands" of NASA computers, caused "significant disruption" to mission operations, and resulted in theft of sensitive data which cost NASA more than $7 million, Martin said.
The Subcommittee on Investigations and Oversight met to examine the NASA Office of the Inspector General (IG) reports and to discuss how to protect the agency from future attacks.
"NASA is a high-priority target for criminals and state-level actors attempting to steal, compromise, or corrupt technical data," according to a document prepared by the subcomittee prior to the hearing.
NASA technology is "inherently dual-use in nature," meaning that the information obtained could be used both for military purposes as well as in civilian-focused applications, according to the document. If compromised, there would be "significant nonproliferation concerns," the subcommittee members wrote.
In the attack on JPL systems, the intruders had full system access and could modify, copy or delete sensitive files; add, modify or delete user accounts for mission-critical JPL systems; upload tools to steal user credentials or compromise other systems; and modify system logs to hide their activities.
There were "systemic internal control weaknesses in NASA's IT security control monitoring and cyber-security oversight," Martin said in his testimony. An audit in May 2010 found that only 24 percent of "applicable coputers" on a mission network were monitored to received critical software patches, and only 62 percent were monitored for technical vulnerabilities. Another audit in December 2010 found the agency was not properly sanitizing or disposing equipment at four different centers and sensitive data was still on computers being prepared for sale.
Other incidents reported by Martin included a laptop stolen in March 2011 containing algorithms used to control the International Space Station. Thieves had stolen 48 notebooks or mobile devices from NASA between April 2009 and April 2011, Martin said.
The thefts are even more worrying when considered that as of Feb. 1 this year, only one percent of NASA's portable devices were encrypted, according to Martin.