[ISN] Network Security Breaches Plague NASA

From: InfoSec News <alerts_at_private>
Date: Mon, 24 Nov 2008 02:20:45 -0600 (CST)

By Keith Epstein and Ben Elgin
November 20, 2008

America's military and scientific institutions—along with the defense 
industry that serves them—are being robbed of secret information on 
satellites, rocket engines, launch systems, and even the Space Shuttle. 
The thieves operate via the Internet from Asia and Europe, penetrating 
U.S. computer networks. Some of the intruders are suspected of having 
ties to the governments of China and Russia, interviews and documents 
show. Of all the arms of the U.S. government, few are more vulnerable 
than NASA, the civilian space agency, which also works closely with the 
Pentagon and American intelligence services.

In April 2005, cyber-burglars slipped into the digital network of NASA's 
supposedly super-secure Kennedy Space Center east of Orlando, according 
to internal NASA documents reviewed by BusinessWeek and never before 
disclosed. While hundreds of government workers were preparing for a 
launch of the Space Shuttle Discovery that July, a malignant software 
program surreptitiously gathered data from computers in the vast Vehicle 
Assembly Building, where the Shuttle is maintained. The violated network 
is managed by a joint venture owned by NASA contractors Boeing (BA) and 
Lockheed Martin (LMT).

Undetected by the space agency or the companies, the program, called 
stame.exe, sent a still-undetermined amount of information about the 
Shuttle to a computer system in Taiwan. That nation is often used by the 
Chinese government as a digital way station, according to U.S. security 

By December 2005, the rupture had spread to a NASA satellite control 
complex in suburban Maryland and to the Johnson Space Center in Houston, 
home of Mission Control. At least 20 gigabytes of compressed data—the 
equivalent of 30 million pages—were routed from the Johnson center to 
the system in Taiwan, NASA documents show. Much of the data came from a 
computer server connected to a network that tracks malfunctions that 
could threaten the International Space Station.


Seven months after the initial April intrusion, NASA officials and 
employees at the Boeing-Lockheed venture finally discovered the flow of 
information to Taiwan. Investigators halted all work at the Vehicle 
Assembly Building for several days, combed hundreds of computer systems, 
and tallied the damage. NASA documents reviewed by BusinessWeek do not 
refer to any specific interference with operations of the Shuttle, which 
was aloft from July 26 to Aug. 9, or the Space Station, which orbits 250 
miles above the earth.

The startling episode in 2005 added to a pattern of significant 
electronic intrusions dating at least to the late 1990s. These invasions 
went far beyond the vandalism of hackers who periodically deface 
government Web sites or sneak into computer systems just to show they 
can do it. One reason NASA is so vulnerable is that many of its 
thousands of computers and Web sites are built to be accessible to 
outside researchers and contractors. Another reason is that the agency 
at times seems more concerned about minimizing public embarrassment over 
data theft than preventing breaches in the first place.

In 1998 a U.S.-German satellite known as ROSAT, used for peering into 
deep space, was rendered useless after it turned suddenly toward the 
sun. NASA investigators later determined that the accident was linked to 
a cyber-intrusion at the Goddard Space Flight Center in the Maryland 
suburbs of Washington. The interloper sent information to computers in 
Moscow, NASA documents show. U.S. investigators fear the data ended up 
in the hands of a Russian spy agency.


Received on Mon Nov 24 2008 - 00:20:45 PST
