[ISN] Re: Pentagon Cyber-Hackers Claim NASA Also Cracked

From: mea culpa (jerichot_private)
Date: Thu Apr 23 1998 - 17:09:43 PDT

  • Next message: mea culpa: "Re: [ISN] Info on DOD/DISA/DEM Software 'hack'"

    [Moderator: One of our NASA readers came through :)]
    
    ---------- Forwarded message ----------
    
    >      The group, which calls itself the "Masters of Downloading" or MOD,
    > said the cyber-attack had stripped the U.S. space agency of its chief
    > defense against computer intrusion and would allow them "to pass undetected
    > through their systems."
    
    	Unless they're able to h4x0r their way into the logging routines
    and undo ink upon printer paper, they would sooner "pass undetected"  out
    my ass than on the NASA networks I'm around.  The people I know who
    maintain the network monitors are highly clued-in and I trust their
    skills. 
    
    >      Computer expert John Vranesevich, who runs the AntiOnline website
    > devoted to information security issues (www.antionline.com), said Wednesday
    > that MOD had contacted him with new claims about a break-in at NASA.
    >      "They have access to a lot more than they've given to me, or let me
    > know about," Vranesevich told Reuters.
    
    	This is doubletalk.  "I know they have access to things they don't
    let me know about."  What the hell?
    
    >      According to MOD, which sent Vranesevich samples of the alleged NASA
    > software to back up its claim, members of the group broke into system
    > through the Jet Propulsion Laboratory (JPL) in Pasadena, California, and
    > took away enough information to effectively disable any "intruder alert"
    > system the agency's computers might have.
    >      Specifically, the group said it now had key pieces of the NASA
    > Automatic Systems Incident Response Capability (NASIRC) software package
    > and was able to break into NASA computer servers with impunity.
    
    	They claim access to NASIRC in specific.  BFD.  NASIRC logs and
    tracks incidents.  It's the NASA equivalent of CERT.  To the best of my
    knowledge, NASIRC does not possess [nor has it ever possessed] software
    that allows it to cruise the NASA network without challenge. 
    
    >      NASA had no immediate comment on the group's claims, although one
    > official who had seen a list of the software allegedly stolen said "it
    > doesn't look too alarming."
    
    	The reason why is that the software is available pretty readily on
    the NASA intranets.  My present guess is that these guys got on a
    low-level NASA machine and connected via Lynx to NASIRC's internal pages.
    - From there, they got a few NASIRC packages and whoop-de-doo.
    
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Dimensional Communications (www.dim.com)
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:51:27 PDT