NASA Websites Hacked Again (Update – Still Offline)

Keith’s 11 Sep note: NASA was hacked yesterday by the BMPoC to protest U.S. cyberintelligence activities. One more reminder that everything everyone posts everywhere is seen by everyone. These NASA websites (at ARC) were affected and are currently offline:
kepler.arc.nasa.gov, amase2008.arc.nasa.gov, event.arc.nasa.gov, amesevents.arc.nasa.gov/sites, academy.arc.nasa.gov, planetaryprotection.nasa.gov, virtual-institutes.arc.nasa.gov, astrobiology2.arc.nasa.gov, nextgenlunar.arc.nasa.gov, lunarscience.nasa.gov, moonfest.arc.nasa.gov, iln.arc.nasa.gov, lunarscience.arc.nasa.gov
NASA ARC has this notice up if you try to reach these websites: “Down For Maintenance. The requested webpage is down for maintenance. Please try again later. Affected sites include but is not limited to:
* lunarscience.arc.nasa.gov
* kepler.nasa.gov
* nari.arc.nasa.gov”
Keith’s 19 Sep note: More than half of these websites are still offline. Wow. NASA really does not have a lot of resiliency when it comes to responding to a hacking event, despite what PAO would have you believe.
Brazilian hackers confuse Nasa with NSA in revenge attack, The Telegraph
“At no point were any of the agency’s primary websites, missions or classified systems compromised,” said Nasa spokesman Allard Beutel. “We are diligently taking action to investigate and reconstitute the websites impacted during web defacement incident,” he said.”
Combine this with the BYOD “remote erase” capability and I think we can all see what’s eventually coming.
Ya’ Bud, Obama just might regret lifting all of the NSA restrictions in 2011!
Idiots. I bet they thought they were attacking the NSA.
Generally, after an exploit of this type, there’s an IG’s office investigation, which can end up with disk drives being seized (temporarily) as evidence. That forces system administrators to restore from backups, and await recertification from relevant authorities within the agency. Generally takes a day or two, depending on things like where your backups are, how much got pwned, and whether your regular system administrator is on vacation – or is supplied by an outsourcing contractor. Security of the restored site and other systems on the same network is generally considered to take precedence over whether the public is damaged by a relatively brief inability to access the sites.
Given the number of sites that were exploited, I’m going to venture the guess that the Webservers were virtualized and/or maintained by someone with a lack of imagination when it comes to privileged password diversity.
LADEE is safe, right? Comm lines to spacecraft are not on the net? Right? No one is going to shutoff connections to a spacecraft or commandeer one, right? This must be just a small set of the sub-domains at Ames.
So what does the IG actually do with the disk drives? That seems an utter waste of time. There was a time, back in the distant past, before IT became isolated from operational organizations, when NASA published reports on the then-rare hacking incidents explaining exactly how the hacking was accomplished, so that other system administrators within and outside the agency could avoid the same mistakes. But I haven’t seen such a report in many years. No one wants to talk about the actual vulnerabilities, let alone take advice from anyone outside IT on how to correct them, so naturally they recur. Meanwhile users are forced to change their passwords, now 12 characters of three types changed every 2 months, to supposedly prevent the hackers from cracking our passwords, a task which apparently takes exactly 61 days. Website authors are denied access to their own sites and forced to actually submit a work order to a separate contractor every time they want to correct a misspelling. The isolation between knowledge experts and the publicly available information, one of the very problems the Internet itself was intended to overcome, is part of the reason for the lack of coordination and responsiveness in NASA websites that Keith frequently notes.
Hey, IT, are you listening? The hackers already know the weak points and mistakes in the system configuration. Why keep it a secret from the users? Wait, I think I know…