[ISN] NASA investigating hacker theft of sensitive documents

From: InfoSec News (isnat_private)
Date: Thu Aug 08 2002 - 23:28:00 PDT

  • Next message: InfoSec News: "[ISN] Hackers Called Truthseekers, Problem-Solvers"

    Forwarded from: William Knowles <wkat_private>
    AUGUST 08, 2002
    WASHINGTON -- NASA cybercrime investigators are looking into the theft
    of militarily significant design documents pertaining to the next
    generation of reusable space vehicles.
    The documents, which are restricted under current export laws from
    being shared with foreign nationals or governments and are also
    strictly controlled under the International Trafficking in Arms
    Regulations (ITAR), were obtained by Computerworld from a hacker who
    claims to be based in Latin America.
    The documents were authored by contractors from The Boeing Co. and a
    joint venture between East Hartford, Conn.-based Pratt & Whitney and
    Sacramento, Calif.-based Aerojet. All of the vendors also labeled the
    documents "competition sensitive," and while it is not yet clear
    whether sensitive data on military and commercial technologies may
    have been compromised, defense and intelligence experts said the
    incident could have both national security and political
    Bob Jacobs, a spokesman for NASA, confirmed that the documents contain
    sensitive military information and should have been stored in a closed
    database. There is no information on how or from where the documents
    were stolen, and investigators couldn't confirm whether a hacking
    incident had taken place.
    However, a hacker known only by the nickname RaFa, a former member of
    the now defunct World of Hell Hacker gang, uploaded to a Web site more
    than 43MB worth of documents, including a 15-part PowerPoint
    presentation that included detailed engineering drawings. The
    documents also included detailed mechanical design information on the
    COBRA space shuttle engine design program, and the risk reduction plan
    for the Boeing TA4 Advanced Checkout, Control & Maintenance System
    (ACCMS). The ACCMS is essentially the ground control system for the
    next generation of space shuttles.
    NASA's 2nd Generation Reusable Launch Vehicle (RLV) program is part of
    the agency's long-term Space Launch Initiative, a multibillion-dollar
    effort to design a new, safer and more efficient space transportation
    architecture by 2005. The Defense Department is a key partner in the
    effort because of its interest in the RLV program's applicability to
    military satellite programs and future military space plane designs.
    "These particular records would probably be of most interest to a
    country trying to build their own space launch vehicle," said Steven
    Aftergood, an analyst at the Federation of American Scientists in
    Washington. However, "I'm not sure that anyone else could use them
    either for good or ill."
    On the other hand, "the ITAR provisions are quite strict, and they
    entail serious penalties for violations," said Aftergood. "If a
    private person transferred ITAR documents abroad, he could be subject
    to hefty fines or jail time."
    Allen Thomson, a former CIA scientist, said this type of information
    would likely be of interest to so-called "peer competitors" in the
    commercial and military space market, such as Russia and Japan.  
    However, the general concern is that the documents could contain
    information that would be of use in countering the capabilities of a
    military version of the RLV, said Thomson.
    John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc., said
    the disclosure of the documents on the Internet is "a very bad thing,"  
    mainly because it may represent only "the tip of the iceberg."
    "Many limited distribution documents can be aggregated to indicate
    very sensitive information," said Pescatore. "Another problem is the
    ability for someone to modify one of these documents and put it back
    where they found it -- there are many more possibilities for damaging
    incidents under that scenario, too."
    "Communications without intelligence is noise;  Intelligence 
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Aug 09 2002 - 02:05:22 PDT