Nasa's network 'extremely' flawed

Mnsnbc.com.

Even worse, it appears several of the vulnerabilities were known about for months yet remained unpatched.

“Six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable,” the audit report released on Monday by inspector-general Paul K Martin said.

“The attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple Nasa's operations,” the report continued, states Security News Daily.

“We also found network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers.”

It is not unusual for previously unknown network security holes to be found in large organisations. In that light, Martin's audit might have been seen as positive for revealing the vulnerabilities.

But it's long been known that security on Nasa networks is weak. Martin's office released a previous audit report nearly a year ago, and since then nothing has been done to remedy the situation.

The Daily Mail reveals that the audit was performed after Nasa was hacked in cyber intrusions that resulted in the 'theft of export-controlled and other sensitive data from its mission computer networks'.

In May 2009, hackers caused a mission system to 'make over 3 000 unauthorised connections' to IP addresses in China, Holland, Saudi Arabia and Estonia.

In addition, cyber criminals stole 22GB of restricted data from a Jet Propulsion Laboratory computer system in January 2009.