This is not a NASA Website. You might learn something. It's YOUR space agency. Get involved. Take it back. Make it work - for YOU.
IT/Web

More NASA Network Break-ins (Update)

By Keith Cowing
NASA Watch
May 22, 2012
Filed under , ,

Iranian ‘Cyber Warriors Team’ takes credit for NASA hack, MSNBC
“A group of Iranian student hackers known as the Cyber Warriors Team claims to have stolen the personal information of thousands of NASA researchers. The Cyber Warriors Team boasted in a May 16 Pastebin post that it exploited a secure sockets layer (or SSL) vulnerability in the space agency’s website to swipe “information for thousands of NASA researcher[s] with emails and accounts of other users.” In the hackers’ poorly worded English message, “How and reasons to Hack NASA SSL Certificate,” the group said the security glitch still exists, and leaves the agency open to more malicious attacks.”
NASA denies Iranian cyberattack, CSO Data Protection
“NASA said it discovered the Pastebin post within hours and launched an investigation of the claims. “Although the investigation is ongoing, all results thus far indicate that the claims are false… At no point were any sensitive, mission, or classified systems compromised,” Beth Dickey, a NASA spokeswoman, said in an email.”

NASA Watch founder, Explorers Club Fellow, ex-NASA, Away Teams, Journalist, Space & Astrobiology, Lapsed climber.

12 responses to “More NASA Network Break-ins (Update)”

  1. Johnny Vector says:
    0
    0

    I’m gonna guess this is a man-in-the-middle attack based on the fact that every time you connect to any NASA service requiring an SSL certificate, you have to approve the certificate because it’s self-signed.  So we’ve all been trained to accept any certificate that gets shoved at us.  

    Or if that’s not what they did, then someone else will soon.  

    • TechBoi81 says:
      0
      0

      Thanks for telling the whole world…

      • kcowing says:
        0
        0

        Am I supposed to not make mention of this?  MSNBC already did that – globally. Do  you think that NASA researchers have no right to know that their data may have been compromised? 

        • TechBoi81 says:
          0
          0

          Keith, my comment was in reference to the comment made above, not your whole post.

          • kcowing says:
            0
            0

            Well, now NASA knows how to fix their problem.  The fact that this sort of thing still happens makes me wonder if they truly understand how all of this IT stuff works.

          • cah says:
            0
            0

            Hmm, I can’t reply to you Keith … but I would be surprised if the SA for this system is a NASA employee. Almost certainly contracted out.

          • Johnny Vector says:
            0
            0

            RIght, cause security by obscurity works so very well.

  2. John_AnotherContractor says:
    0
    0

    I’m sure they’ll study it carefully, present recommendations to a technical committee, and then some admin will make us add three more characters to our passwords. That’ll fix it.

    • kcowing says:
      0
      0

      I think they should just bite the bullet and put those eyeball scanners they have on Star Trek and be done with this.

      • Steve Whitfield says:
        0
        0

        Keith,

        But what if the scanners require a functioning brain behind the eyeball? Will they work for all of the career CS’s?

        Steve

  3. Richard H. Shores says:
    0
    0

    You would think that NASA would have people use VPN to access the site. Unbelievable.