Report: Hackers seized control of NASA computers
In March 2011, theft of an unencrypted NASA notebook resulted in the loss of the algorithms used to command and control the International Space Station.
March 2nd, 2012
03:06 AM ET

Report: Hackers seized control of NASA computers

By Dan Merica

Hackers targeting sensitive NASA computers have gained access to employee credentials and taken control of systems at NASA's Jet Propulsion Laboratory, among other things, a federal report says.

The space agency's inspector general, Paul K. Martin, cited one case involving hackers with IP addresses in China.  In that case, intruders gained "full system access" to change or delete sensitive files and user accounts for "mission-critical" systems at the Jet Propulsion Laboratory, he said in a report issued this week."In other words," Martin said, "the attackers had full functional control over these networks."

In another attack, hackers stole credentials for about 150 NASA employees, the report said.

NASA reported that it was the target of 47 sophisticated cyberattacks - the report calls them "advanced persistent threats" - in 2011. Thirteen of those 47 attacks successfully compromised NASA computers.

"The individuals or nations behind these attacks are typically well organized and well funded and often target high-profile organizations like NASA," Martin said in his report, titled "NASA Cybersecurity: An Examination of the Agency's Information Security."

In total, the space agency reported 5,408 incidents "that resulted in the installation of malicious software on or unauthorized access to its systems" in 2010 and 2011.

"These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives," Martin said.

NASA has conducted 16 investigations over the last five years that led to the arrests of foreign nationals from China, Great Britain, Italy, Nigeria, Portugal, Romania, Turkey and Estonia.

These intrusions "have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million," the report said.

Loss and theft have also been issues for NASA. Forty-eight agency mobile computing devices were reported lost or stolen between April 2009 and April 2011.  This led to the possibility that sensitive algorithms and data landed in unauthorized hands.

"For example, the March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station," Martin wrote.

Martin testified in front of Congress on Wednesday and the report served as a precursor to his testimony. While in front of a House committee, Martin spoke about the slow pace of encryption for the agencies' mobile devices and the lack of technological security monitoring at NASA.

Post by:
Filed under: Cybersecurity • NASA
soundoff (128 Responses)
  1. affiliate theme

    Thank you for some other informative blog. The place else could I am getting that type of information written in such a perfect means? I've a project that I am just now operating on, and I've been at the look out for such information.

    May 18, 2012 at 2:51 pm | Reply
  2. how to get rid of back fat rolls

    Excellent web site. A lot of helpful information here. I am sending it to several pals ans additionally sharing in delicious. And of course, thank you for your effort!

    April 18, 2012 at 11:49 am | Reply
  3. Shabbir

    They just wana control the Net...
    this is propaganda to push forward laws like SOPAA,ACTA,etc

    March 5, 2012 at 12:29 pm | Reply
  4. Shabbir

    They just want to CONTROL the Internet.
    This is just PROPAGANDA to push forward with laws like ACTA,SOPAA n all of that...

    March 5, 2012 at 12:27 pm | Reply
  5. John Huseby

    It's sad that NASA's Information technology does not match up with its sophisticaion in space technology. For some time others have pointed out that the IT organizations need to bolster their processes and adopt Lean, Agile and Six Sigma methodlogies to transform their IT from an ad hoc practive to an well designed, engineering organization. I ecommend a book by Peter Ghavami, titled "Lean, Agile and Six Sigma IT Management" to NASA's IT managers to read up on these processes.

    March 5, 2012 at 12:40 am | Reply
  6. Eric G.

    I am a student in Networking Security. I will admit, I do not know everything. It's probably been said several times, but what I do know is that hacking can be done no matter what the situation is. However, like anything, the chain is only as strong as the weakest link - and this is often the people who are employed by said companies/organizations.

    Speaking of which... this laptop theft sounds way more glossed over than it should be. Somebody should never have had a laptop with that kind of information on it. Ever. This seems to be more than meets the eye, personally.

    March 4, 2012 at 2:22 pm | Reply
    • Darkguardian1314

      I agree. On top of that, there was no security such as login and remote wiping of the hard drive if lost. Encryption of the data files, GPS location etc.

      March 4, 2012 at 6:12 pm | Reply
      • Eric G.

        Unfortunately, this may be one of the nails in the coffin for the space program, proving that its infrastructure is just too vulnerable to upkeep for the budget allowed. It seems that whole agency suffers from complacency.

        March 4, 2012 at 10:11 pm |
  7. CommonSense

    Fifth action as ruler: remove myself as ruler.

    'Nuff said.

    March 3, 2012 at 1:59 pm | Reply
  8. CommonSense

    Fourth action as ruler: create a "plan" for humanity.

    Where are we going? Where do we want to go? How will we survive as a species? What back-up/alternate plans should be implemented to ensure progress and safety?

    (We are simply wandering at this point.)

    March 3, 2012 at 1:58 pm | Reply
  9. CommonSense

    Third action as ruler: eradicate the concept of race.

    Race, as a way of dividing humanity, is not valid. We are all of the same race. There is no factual or scientific basis for "white", "black", "red", "yellow", etc. All institutions, laws, and conventions based upon this concept are invalid.

    March 3, 2012 at 1:55 pm | Reply
    • Sean

      @ CommonSense
      Actually yes there is.
      Ask any medical professional working in a trauma or ER role.

      March 5, 2012 at 2:00 pm | Reply
  10. CommonSense

    Second action as ruler: substitute education for religion.

    It's time for humankind to move forward and beyond the bindings of religion. Belief systems are important, but not at the expense of rational thought and scientific evidence.

    March 3, 2012 at 1:50 pm | Reply
    • JD JR

      So then education becomes the new religion. Sorry, I'll take my "irrational thought" over the "goo to you" theory. Goes against all laws of entropy :/

      March 5, 2012 at 1:31 am | Reply
      • CommonSense

        Thank you for illustrating my point, JD.

        March 5, 2012 at 2:41 am |
      • Sean

        Lol @ JD JR

        March 5, 2012 at 1:58 pm |
  11. CommonSense

    First action as ruler: remove all designations of countries

    It is a remnant of tribal concepts and is no longer relevant in a modern, intertwined, co-dependent world.

    March 3, 2012 at 1:46 pm | Reply
    • max

      Apparently these differences are very relevant as people are still willing to fight and die for them. You must be young to see the world as so simple.

      March 4, 2012 at 11:25 am | Reply
      • CommonSense

        Ad hominem, Max. And the willingness to fight and die has nothing to do with whether the concept of countries is still valid/relevant.

        March 5, 2012 at 2:59 am |
  12. CommonSense

    I think that I need to rule the world ...

    March 3, 2012 at 1:43 pm | Reply
  13. jpdo

    hire them. oviosly they are smarter than those that go to space but cannot protect a computer. imagine what could happen with they brake into your nukes. we all screwed. exactly suckers.

    March 3, 2012 at 8:05 am | Reply
    • Eh!

      I don't think smarts has anything to do with it....with NASA, as well as many if not most organizations like it, they get stuck in a business as usual mode. This was the underlying cause of the space shuttle disaster several years ago. Also, probably a reliance on the 'That couldn't happen to us, we're rocket scientists here,' mentality.
      NASA needs to be restructured and flattened as an organization. They should have their smart people freed up to 'do' as opposed to managing and dealing with bureaucratic BS, If FauxBama can sneak in a tax on mortgages for his unpopular healthcare fail, he might as well sneak in an extra for the space program as it's more relevant to ensuring the propagation of our species.

      We're fouling up the soil, air and water unnecessarily here on earth, we better get going on the tech for long term habitation of space, else we're going to bankrupt ourselves trying to treat cancer and disease rather than prevent it at the sources such as the Monsanto Company.

      You know, Monsanto, originators of the wonderful products DDT, Agent Orange, artificial sweeteners, nuclear weapons, BST, herbicidal resistant super-weeds, genetically engineered (animal) food products, which the citizens of the US are unwitting guinea pigs in that grand experiment.

      Sorry, got off topic...sort of. Basically, NASA requires appropriate funding and a clear mission. The innovation and products that they will require to move forward (non-polluting materials for indoor environments, safe/novel energy sources, etc.) will spur job creation and help move us forward as a country and civilization.

      As to @common sense, i do believe in countries. They help move forward cultures that prove themselves fit to move forward. There's no reason why they can't work together better, but without them, management of the earths people would be a bureaucratic mess, where the haves will always keep the have not's enslaved.

      March 8, 2012 at 10:46 am | Reply
  14. YounanMarketingAndManagementAssociatesInc,Int'l Intst'r

    You know already or don't realize it in a direct way, that hackers are espionage agents. there was always hacking even before the home computer was widely adopted as basic home business education and entertainment tool.
    there was phone hacking, doctor's files hacking, lawyers offices and files hacking, postal mail stealing hacking.
    Now i beleive assange himself is the main espionage agent hacker who stole your nasa files because like the other extortionist records and assets frauds he and his press cocksucker worship bastards are trying to host him as me investigating the negative aspects of afghanistan which by the way the pretend is fought on homeland areas, such as windsor, etc. i am sure they copy split the nasa files to sell around and make oodles and noodles of money and power to sabotage. so also get the wudunn swedish new york times for doing that , the monarchy of sweden for it, the chinese because not long ago wasn't it them that suddenly decided to enter the space race. also robert and cheryl gherhadt who hacked my phone telebank rights and internet rights to own my assets that were stolen etc. so you or some others allowed and facilitated their hacking. the gay pride arm of assange in soldier uniform and media uniform and in crook british soldier dealer houses would be accomplices or directed it. They want assange to help take credit and labor rights of achievement and privilege from me regarding my Nasa investigations and criticisms of spending and sort of not accurately reported or broadcast history regarding space explorations and back door activity of simulating space aliens to make a power play on different persons or groups. isn't also saudi arabia sharing espionage agent backing and reaping criminal awards of the assange worm holer hacker. certain american politician members also got a copy of that hacked computer file. and canadian ones too, if ignatief from new york actually and not canadien hasn't died he also would have a major espionaged record of nasa computer files. in links with university of toronto power diggers. it may have been sold over 43 times.
    you slut fag cops who erased my previous postings on better agriculture nutrional management for livestock and also for pets so you can send your whores that you cuntlick and steal with to sell my important science management like its their ugly hooker mouths and queer fags mouths when i even posted it as free advice in that case, i want to shoot you in the face five times. also there is surveillance near my present location unit, because where there are elevators there are various links of surveillance. you have a problem ass you ignoramouses – go seek reformatory treatment immediately.
    Also where there is hydro outdoor systems there is surveillance and in wildlife areas there are certain other kinds of surveillance. Some major project or smaller project construction incorporates a surveillance system as well. It has been that case or situation for a long time.

    March 2, 2012 at 5:28 pm | Reply
    • CommonSense

      Wow ... a brain in crisis. Please find your meds and take them. If you don't have meds, you need some. Please do yourself a favor and get yourself evaluated – your thought processes are neither sequential nor logical. You may be a danger to yourself.

      March 3, 2012 at 1:34 pm | Reply
    • Beck

      This is all because of cable. Ditch the cable and upgrade to direct tv and everything will be better.

      March 3, 2012 at 6:25 pm | Reply
  15. What Is

    Given the periodic reports of these intrusions, it looks like the probing and reconnaissance of vital US computer infrastructure is moving along fairly well.

    Attacking Iran with the Stuxnet virus may come back around sooner than later. Perhaps a bad precedent to have started.

    March 2, 2012 at 4:20 pm | Reply
  16. amischiefr

    Sick, you sound like you must be the guy at NASA making all of these mistakes. You stated: '...yet there are still many vulnerabilities to each network.' There are no vulnerabilities in a correctly configured intranet that has 0 access to the internet. There is never a need to connect secret/top secret networks to those that have access outside of the facility. I worked at NATO HQ in Belgium and that is exactly what we had: a secret network that you could not get into from the outside world: period. Never. The damn wires were isolated, meaning that there were no firewalls between networks, they even ran on different fiber optic cables. Every machine on that network was locked down: no USB, no CD/DVD burners. The only way to get data off would be to look at it, write it down and input it into another machine outside that did have access.

    March 2, 2012 at 3:02 pm | Reply
    • Sick

      Please correct me if I am wrong but I doubt the network that was hacked at NASA operated like your secured NATO network. I'm sure if NASA did, completely isolated from the rest of the internet, then yes, its vulnerabilities would be greatly reduced but again I'm sure there was a need for NASA to be hooked up in some capacity to the outside world. As others have said, unless you disconnect it completely, it will always be vulnerable in some aspect.

      Obviously I'm not the one at NASA making the "mistake" if you would like to call it that. I just do not like it when people assume that security is an easy topic and that you can always prevent an attack. Encryption can be hacked, networks can be hacked, anything you deem "secure" can be hacked. It is wrong to say there are 0 vulnerabilities in a correctly configured system/network. Ask any professional that.

      You can minimize risk but never get rid of it.

      March 2, 2012 at 3:39 pm | Reply
      • Fairlane

        I don't agree with that last sentence..Properly written code that has been audited correctly and extensively will have no vulnerabilities to be taken advantage of. Most if not all security vulnerabilities come from error in the coding of the application. Errors that attackers take advantage of (usually in the form of buffer overruns – but there are others) If the code has been audited correctly, there are no loopholes for malware writers to take advantage of. But on the other hand, that is in itself, the problem; humans make mistakes, even when you have more than one set of eyes auditing the code, something can be missed..resulting in an attacker (if they do find it) taking advantage of the exploit..Compounding the problem is usually management pressuring programmers to hurry up and get the product ready for release, making it that much easier to miss problems within the code..That said, I still say that is is certainly possible to write error free code.

        March 2, 2012 at 4:16 pm |
      • Rob

        I would like to thank the Chinese people for pointing out our vulnerabilities. Can we cut the fiber link to them now?

        March 7, 2012 at 8:32 pm |
    • Fairlane

      Sounds to me like that would be the right way to do it, at your network amischiefr. Definitely no flash drives allowed. Of course there is always a balance between convenience and security, unfortunately security usually takes a back seat to security. Just look at how banks handle their online banking! ;)

      March 2, 2012 at 4:24 pm | Reply
      • Fairlane

        Whoops, I meant security usually takes a back seat to convenience.. XD

        March 2, 2012 at 4:25 pm |
  17. JV

    @Hypothetical Bob.. What if this/what if that. The point is the message it will send without mass killing. Moreover, your hypothetical excuses would be averted with some simple timing and preplanning. Hackers steal info that almost certainly cause death to our soldiers and foreign operations, and theses douche bags are called heroes by absent minded fouls with no sense of the real world. You must be used to being stepped on. Well, a lot of us Americans are all smiles until we are stepped on. I will even stand up for you if you are to weak to do it or speak of it. Because I only want to deliver a harsh, please don’t do that again message, sent to the ones who stepped on us all. It is that simple. It is the only way it will stop. Again.. simple human nature.

    March 2, 2012 at 2:24 pm | Reply
    • E

      Doesn't change one simple fact:

      Your solution = a literal nuclear bomb in response to a few mosquitoes.

      Also, did you think about the military response other countries would have for such an action? You'd practically invite WW3 on us!

      Thanks for furthering the world's stereotype that we Americans don't think.

      March 2, 2012 at 2:36 pm | Reply
      • JV

        So passive and arrogant. Misquotes? Seriously? They have hit every US Dept. in our gov. to include the US Senate and House and their committees. Not mention most of the fortune 500 companies. And that’s the ones we know about from the media. So passive and blinded.. Not sure what stereotype you are referring too. However, I tell you this. Us Americans are different from the people in the rest of the world. Any well-traveled person will know this. Our individual strength, companion and mortals separate us culturally from the rest of the world. So if you are referring to that as your stereotype, then thanks!

        March 2, 2012 at 3:00 pm |
    • E

      "Hackers steal info that almost certainly cause death to our soldiers and foreign operations ..."

      And THAT "almost certainly" is a humongous "what if."

      March 2, 2012 at 2:42 pm | Reply
      • Rob G

        That is actually fact, not a "what if". The act of hacking into any Government involved computer system should be an act of war. That goes for any country not just the U.S.. Earth is in a sad place, never sure it was ever happy, but the fact is what it is. We are all narrow minded species that can not see past the node on our face.

        We all blame each other for our problems and can not for the lives of us work together as men! No country should be fighting right now! Over what religion? Oil? What the #%$ are we fighting about? Children dying because they believe in a different form of religion? What kind of world is this?

        March 2, 2012 at 7:45 pm |
  18. Clinton

    This is the part of our foreign policy that pisses me off, China intentionally steals our National Secrets using electronic espionage and we do hardly anything about it... F!@#$ China, I say you retalliate, just round up the best hackers in the US and start an all out assault on all of China's electronic infrastructure. Shut down power plants, delete their Government websites, invade and delete their Governments records and payrolls and everything about these jokers... destroy their E-world to the point they won't dream of using cyberattacks against us again... this is a covert act against our people, It's essentially spying but getting caught time and time again.... Our Government needs to stand up to this crap... tell China if they don't stop we will retalliate and our retalliation will be ten times worse than anything they do.

    March 2, 2012 at 1:15 pm | Reply
    • #Anonymous

      Love you little Chinese geeks. You are at your best.

      March 4, 2012 at 5:56 am | Reply
    • Rob

      Just cut the fiber link. They will believe their under attack. panic will ensue, the cold war will begin again

      March 7, 2012 at 8:36 pm | Reply
  19. Whombatt

    The vast majority of 'lost' mobile devices are lost because of the pure incompetence of those into whose care the device was entrusted. Almost none have gone missing because a secure, locked and guarded repository was burgled.

    "I only left it in my car for a moment."

    "It was right here beside my chair a minute ago."

    "My son borrowed it for a show-and-tell and his backpack was stolen."

    "I just went to refill my coffee cup."

    "It was in my checked baggage and the airline lost it."

    March 2, 2012 at 12:16 pm | Reply
  20. Face

    China has technically been at cyber-war with us for years.. they break into and compromise so many systems... they could probably shut us all down in a matter of minutes by now.

    March 2, 2012 at 12:00 pm | Reply
    • E

      Petty to assume it's all China. There are other Asian countries, too (and probably just as, if not more, capable).

      Also, what about Israel, India, most middle East countries, Central and South America, Europe, and some parts of Africa?

      What about people from within the US?

      A fundamental issue with a layperson's security is assuming that the "them" is only 1 distinct target.

      March 2, 2012 at 12:11 pm | Reply
    • E

      Even worse:

      Assuming there are no threats from within.

      March 2, 2012 at 12:13 pm | Reply
    • JV

      Deploy a small EMP on the source every time it happens. Yes, they can track the source. They will eventually get the message. Maybe not very PC for you face down @ss up left field Libs, but it does not hurt or kill any one. Very rational and gets the point across. When will you get that the most of the world is an evil place and everyone wants what you have, and will kill and steal for it. Simple human nature. It all fun and games until you get caught, again, and again, and again, and again ~

      March 2, 2012 at 12:25 pm | Reply
      • E

        Hypothetical: Source of attack comes from your own country.

        You would deploy an EMP on your own citizens???

        O.o

        March 2, 2012 at 12:36 pm |
      • Bob

        "does not hurt or kill any one"

        Oh reallY/ So the pilot and passengers in the plane that gets hit are going to be a-ok? The construction worker who gets hit by a falling beam because motors failed will be a-ok? Need I continue...? All those people should suffer/die for your macho need to 'nuke em'?

        March 2, 2012 at 12:43 pm |
  21. Kerry

    Negative Karma like that will return to them. China's bubble will burst. Internal bleeding is immanent.

    March 2, 2012 at 11:58 am | Reply
  22. Gert

    First step...Block all IP's from the Asia-Pacific Region (If you know someone needs access, use a VPN or unblock individual IP's)
    Second step....Work directly with other government agencies to track and counter attacks (Air Force has a group setup just for this sort of thing)
    Third step....Take anything of a "Super-sensitive" nature off the grid, allowing only local access (Oh no! But now we can't collaborate with individuals all over the world!...Actually you can...hire some IT experts to explain the process...)
    Last step...Get back to exploring and discovering cool stuff!

    March 2, 2012 at 11:36 am | Reply
    • E

      1) Let enough of those individuals through, and you might as well not have the block. One good hijack ...

      2) They've probably thought of that.

      3) Also probably thought of that. But there are still ways around physical barriers, especially as long as humans are involved.

      4) So many things that prevent advancement at NASA from happening ... cybersecurity is a very small fraction of those things ... NASA has effectively been neutered for the next decade.

      March 2, 2012 at 11:44 am | Reply
    • Frank

      I thought NASA used UNIX & Mac Servers? I have Russian & Chinese always trying to get into my MACS,
      SO FAR NONE HAVE BEEN ABLE TO !

      March 2, 2012 at 12:51 pm | Reply
    • Aj

      wow!!! All this $$$ spent on nasa and nobody thinks of that??? Wow...gert, wake up!!!! Where have u been?? World has changed...

      March 3, 2012 at 10:07 pm | Reply
    • Eh!

      Even with my modest understanding of IT, I know that your idea won't work. If it were that easy, do you think 'Anonymous' and Lulsec, etc. would ever have gotten as far as they have?

      March 8, 2012 at 11:22 am | Reply
  23. Sarah

    Do you love how when you buy something online, the website always says your data and this transaction is "safe"? Right, when NASA, the Pentagon, and others are hacked, are we really to believe our data is safe with overstock.com? Really?!?

    March 2, 2012 at 11:30 am | Reply
  24. See DOWNLOAD MP4/3GP VIDEOS FOR FREE PLEASE NOTE: U MUST BE 18

    wat bull shit! China, u 4ucking copy brat!

    March 2, 2012 at 11:14 am | Reply
  25. Tony W.

    Unfortunately there is not silver bullet when it comes to protecting corporate assets/data. I do IT security consulting for firms in many different industries (private and public) and always amazed what I find when performing assessments. Truth be told, the only good security approach is a layered one that practices the "defense in depth" model. NASA evidently has very poor controls in place if they allowed an unencrypted laptop to be deployed on their network. The security posture of an organization is only as good as it's weakest link, this is a lesson that many organizations struggle with. On a side note lets hope that the data that was compromised leads to dislosure of some good information to the public, can't let a good crisis go to waste...

    March 2, 2012 at 11:14 am | Reply
    • E

      All technological securities be worthless in the face of social engineering.

      Or have we forgotten Kevin Mitnick, already?

      March 2, 2012 at 11:30 am | Reply
      • Sick

        True! Also have we also forgotten about HBGary Federal?

        March 2, 2012 at 11:49 am |
      • Tony W.

        The best way to protect against social engineeing is to have sound policies and procedures combined with user security awareness training. There is no way to gaurantee that an organization will not experience a breach (technical or non-technical). The goal for any organization should be to use a layered security approach to limit risk and utilize proper incident response to deal with issues as they happen. The internet is a cyber version of the old wild wild west..

        March 2, 2012 at 12:28 pm |
  26. Jack Wagon

    Hey JPL, 3 years ago I demo'd to you folks a product that would protect your most valuable assets, the information in your databases, the crown jewels. This product had the ability to block a SQL transaction in flight based on a policy violation. You chose to use your own internal tools and look at whats happened. Don't you get it? You must protect from not only the outside intruder but also from the inside privileged user. I feel sorry for your lack of motivation to protect your business. How are you doing now? You folks beat me up pretty good with your tech questions but I fielded all of them and gave you great answers, then you decide to sit on your hands and do nothing. You rolled the dice and came up snake eyes! Look up "Guardium" an IBM product again and get with the it or the same will happen again! No
    excuse!

    March 2, 2012 at 10:51 am | Reply
  27. PaulNYC

    But of course people who download a song are Public Enemy #1. Priorities.

    March 2, 2012 at 10:47 am | Reply
  28. The Seventh

    Sick, seems you're kinda bruising for an argument. Most of what you've said is correct though. Calm down – your knowledge can help the normal users.

    March 2, 2012 at 10:43 am | Reply
    • Sick

      Just trying to educate the ignorant masses.

      March 2, 2012 at 10:46 am | Reply
      • ifconfig_sick_down

        Yet you continue to use the same condescending tone to dazzle us with info that could be found in the preface of any O'Reilly Nutshell security paperback. Lighten up Francis...

        March 2, 2012 at 12:06 pm |
      • Sick

        Who is Francis and if it is as easy as reading an O'Reilly book, then why don't people read them and learn before making silly comments? Also anything I have said here is not technical at all. I won't bore people with those details but at minimum everyone should know a little bit about the topic before commenting. If my tone is condescending, I'm sorry but what people assume to be true here is shocking. I certainly hope you're not part of that group. I'd rather be condescending than let ignorance run freely.

        March 2, 2012 at 12:21 pm |
      • Eh!

        For better understanding of "Lighten up, Francis," see the movie Full Metal Jacket. Good movie besides the reference.

        March 8, 2012 at 11:26 am |
  29. Have we ever thought of....

    ....hiring and paying the poeple that were arrested to gain their knowledge and expertise?

    March 2, 2012 at 10:39 am | Reply
    • PantyRaid

      That's a great idea because Chinese don't get paid very much anyways, so it would be a cheap hire!

      March 2, 2012 at 10:44 am | Reply
    • Sick

      It happens. For example the person who first cracked Windows Phone 7 was invited by Microsoft to shed some insight into it. It was the guy behing chevronwp7.

      March 2, 2012 at 10:45 am | Reply
  30. Paul "Barry" Karn

    I took a dump in my pants last week & still have them on!

    March 2, 2012 at 10:36 am | Reply
    • PantyRaid

      I was wondering what that delicious smell was!

      March 2, 2012 at 10:43 am | Reply
  31. PantyRaid

    Well what do you expect when all the parts are made in China? They set them up ahead of time to be hacked.

    March 2, 2012 at 10:26 am | Reply
    • Sick

      Oh and can you know that the manufacturing silicon and metal parts is the same thing as the firmware and software that usually is developed in the U.S. which these devices run on? I'm sure the hardware vendors know about these hardware "vulnerabilities".

      March 2, 2012 at 10:32 am | Reply
  32. me

    Blocking China really does not stop the issue of foreign attackers. The usage of a virus infected proxy or simply setting up a proxy using Amazon web services and as far as everyone knows, you're in the USA. I do agree that a direct-connect from a Chinese IP address should set off red flags every where!!!

    The only real protection is to disconnect from the Internet.

    March 2, 2012 at 10:24 am | Reply
    • Devastator

      It wasn't China folks. It was Skynet.

      March 2, 2012 at 10:52 am | Reply
  33. Frank Garrett

    Boycot imports from China until they stop hacking us.

    March 2, 2012 at 10:22 am | Reply
  34. John

    How about making the computers with sensitive data without internet access? I remember some our nuke research companies doing exactly that, brute force isolation. Hackers would have to get into the building to do anything, certainly not foolproof but a lot harder than sitting in a chair 7,000 miles away.

    March 2, 2012 at 10:12 am | Reply
  35. us1776

    Why in this day and age is anyone in govt running around with an unencrypted laptop?

    I suppose they all leave the keys in their car at all times and their front door unlocked.

    All these hacking attempts should have immediately tripped system monitors. Oh, I guess we don't know how to install any system monitoring either.

    Pitiful. Just pitiful.

    .

    March 2, 2012 at 10:06 am | Reply
    • Sick

      Are you a security expert? Maybe you should work for them b/c obviously none of the experts out there are good enough!
      Keep in mind a good majority of breaches, high or low profile, are due to individual's lack of concern. The unencrypted laptop was probably never intended to hold classified data and the employee probably was told not to do that. You're right. They might've been a careless employee but no matter how many active systems are in place, a single, careless employee can take it down.

      Also when you say these attacks should've tripped system monitors, what triggers do you set? How do you differentiate a legitimate request and an attack that looks exactly like one? Ever hear of stuxnet? It's not as simple as black and white. If you are indeed an expert in cyber security, come forward to DEFCON or some other expo and present your genius findings.

      March 2, 2012 at 10:15 am | Reply
      • Eddy Money

        I'm no security expert, but I can tell you we've spent a ton of money on equipement to prevent just this sort of thing. We used to be hacked all the time.

        Since we've installed all these firewalls/security things, we haven't been haced once.

        March 2, 2012 at 10:34 am |
      • Sick

        irewalls and "security things" are assumed for any network but are far from being "secure". Simply, if there is no interest in your stuff, less likely someone wants to hack it.

        March 2, 2012 at 10:42 am |
      • E

        @Eddy Money

        Your complacency and ignorance = security loopholes for anyone interested in your system.

        March 2, 2012 at 11:34 am |
  36. MidWestern Boy

    OK, so this originated in China, where many of these attacks always seem to originate.
    Here are a few tips for the NASA rocket scientists from a lowly taxpayer sick of our lack of an effective response.

    1) Put incorrect and infected data on your NASA servers and let them steal that. (It is called a Trojan Horse)
    2) Put some of your NASA genius crew on development of a fail safe security apparatus.
    3) Call out the Chinese and stop any and all scientific exchanges until the halt their BS,

    I would consider spying on their electronic data (which we already do) but all we would get from them is what they originally stole from us anyway. JUST DO SOMETHING !

    March 2, 2012 at 9:51 am | Reply
    • Sick

      Are you in the computer industry MidWesternBoy? If you are a subject matter expert on cyber security or at least have some good knowledge on it, there are plenty of jobs for those people with those skills!

      1. Google "Honeypot". What you describe here is used often to trap and counter-attack attackers. Your idea is not a new concept.
      2. There are active systems to alleviate a cyber attack but unfortunately being under attack isn't as obvious as someone coming up to you and slapping you in the face. Again, if you know of better and more robust systems, I'd encourage you to apply for a cyber security position with them.
      3. It has been done before. Again, not a new idea or concept.

      To put it simply, they ARE doing stuff but keep in mind hackers are usually always one step ahead of defenses. Why do burglars still break into homes? Same idea. There will always be a way in even if you actively beef up your security.

      March 2, 2012 at 9:57 am | Reply
      • Umami

        Wow Gene-ass you're so knowledgeable. Can't help but show your pc acumen.

        March 2, 2012 at 10:35 am |
      • Sick

        Umami – better me than you or any other of you ass-wipes out there who think it's easy.

        March 2, 2012 at 10:39 am |
      • skorn

        I completely agree with sick. Its not like NASA is running around with an open network and hackers are just logging in just like that. They get billions in funding and probably have an extremely secure network. Protecting a billion dollar government agency and you setting up a firewall for your network is on a completely different level. They have something of extreme value, you probably do not. That is the difference.

        March 2, 2012 at 11:16 am |
    • Portland Boy Scout

      My high school science teacher told us that Israel is behind the hacking of our sensitive computers.

      March 2, 2012 at 10:02 am | Reply
      • Sick

        ... that's great to know.

        March 2, 2012 at 10:06 am |
      • Michael

        I don't how your high school teachers "knows" that but yes, Israel is a big player in trying to hack our systems...and I do know that for sure since I've seen the logs.

        March 2, 2012 at 11:05 am |
    • JeramieH

      > from a lowly taxpayer sick of our lack of an effective response.

      So NASA may successfully stop 99.999% of the hacking attempts on their systems, but you're "sick of our lack of an effective response" for the 0.0001% that succeed?

      My little home web server is constantly hit by script attacks, 24/7. There must be tens of thousands per day. And I'm a nobody. Can you imagine the onslaught that NASA must endure constantly?

      March 2, 2012 at 10:31 am | Reply
      • Sick

        JeramieH... Thank you for a rational perspective. Same for me too. I run several servers too and I get several hundred attacks an hour. Like you said, I can only imagine what threats they come under every day.

        March 2, 2012 at 10:37 am |
    • flounderbait

      Ummm, that is not what a Trojan Horse is. A Trojan Horse is a virus which remains dormant until a predetermined time in the future, at which times it activates and does whatever it was written to do.

      March 2, 2012 at 10:35 am | Reply
      • Sick

        Again, what he was describing was a Honeypot and I'm sure any good network has a few in place but any sophisticated hacker can probably bypass them without any interest. MidWestern Boy doesn't know what he's talking about.

        March 2, 2012 at 10:38 am |
  37. John F. Kennedy

    What the world needs now is love.

    March 2, 2012 at 9:49 am | Reply
    • Richard nixon

      ... is love sweet love – – – – – -> burt bacharach.... HAHAHAHA

      March 2, 2012 at 9:58 am | Reply
      • John Lennon

        Imagine what the world can be without all this madness.

        March 2, 2012 at 10:04 am |
      • Johnny Rotten

        Bollocks

        March 2, 2012 at 10:37 am |
      • VENGABOYS

        The doctor checked my harddrive
        A virus in my archive
        My disc was not protected
        And now I am infected

        March 2, 2012 at 11:05 am |
  38. NODAT1

    OK so the hackers got into the unclassified NASA network so what.
    The real question should be why is NASA allowing sensitive information to be stored on a unclassified network?

    March 2, 2012 at 9:43 am | Reply
    • Sick

      Where does it say it was on an "unclassified" network?

      March 2, 2012 at 9:47 am | Reply
    • aclue

      To inform NODAT1 of his mis information:
      NASA does not have classified computers. Everything they do is unclassified. They do have export controlled technology and some items are under ITAR restrictions but NASA does not do classified work.

      March 2, 2012 at 10:11 am | Reply
    • JohnJohn

      The systems compromised were not secure systems. If NASA went to a secure Linux throughout this would not happen. It so happens there are a lot of Microsoft systems running on NASA and personal machines and that is usually how they get in. Access to NASA needs to be blocked for all but secure machines. Easy to do, but tell an MBA he is a moron and you get fired, so the stupidity continues. Typical corp nonsense.

      March 3, 2012 at 10:41 am | Reply
  39. whaledrvr

    Maybe we just need to isolate China from the Web. They can be one big Intranet.

    March 2, 2012 at 9:42 am | Reply
  40. Terry

    Oh No, they got the construction plans for the Moon Village. What are we to do?

    March 2, 2012 at 9:28 am | Reply
  41. Pete

    Don't connect the hardware with sensitive internal data to the public Internet.

    March 2, 2012 at 9:27 am | Reply
    • Sick

      Again, Pete, I don't know what line of work you deal with but most sensitive government systems / internal networks are severely isolated from the public internet and deal with a more intranet based architecture and yet there are still many vulnerabilities to each network. Also a good amount of attacks also possibly come from other methods besides technical hacking – like social engineering, phishing, etc. I don't know the details of this attack in particular but I'm fairly sure that NASA's critical systems like the one compromised isn't connected like the rest of us for a free-for-all into its network.

      March 2, 2012 at 9:45 am | Reply
  42. Feast of Beast

    Hackers pizz me off. They should be treated ike any other thieves and be severely punished.

    March 2, 2012 at 9:24 am | Reply
    • Sick

      and how do you go about punishing somebody behind a foreign IP in China? Understandably, we can do this with the help of foreign cooperation but for the thousands of attacks that originate from far away, how do you go about this? I don't know if you are in a cyber-security related field but it isn't as easy as snapping one's fingers.

      Instead, I would promote cyber-securty related positions in our education system as well as a call for more of those engineers. I would also like our government promote counter cyber terrorism, effectively being more proactive and reactive to these attacks rather than discuss them after the fact.

      March 2, 2012 at 9:42 am | Reply
      • butangi

        US can't do nothing about this because china is far more wealthy now than the US. American owe huge amount of debt to china that even if they hacked the NASA all US can do is watch and pray it will never happen again, thus promoting counter cyber terrorism is impossible.

        March 2, 2012 at 10:21 am |
      • Sick

        First the U.S. has a far higher GDP than China does. Go educate yourself. Two, the U.S. has a good amount of debt to China but not as much as you think and most of it is domestically held. Stop playing into the fear mongering or spreading it. Get your facts right. And why is promoting it impossible? Are you stupid?

        March 2, 2012 at 10:28 am |
      • JV

        Deploy a small EMP on the source every time it happens. Yes, they can track the source. They will eventually get the message. Maybe not very PC for you face down @ss up left field Libs, but it does not hurt or kill any one. Very rational and gets the point across. When will you get that the world is a evil place and everyone wants what you have, and will kill and steal for it. Simple human nature. It all fun and games until you get caught, again, and again, and again, and again ~

        March 2, 2012 at 11:58 am |
  43. michaelfury

    http://michaelfury.wordpress.com/2011/06/02/maximum-visibility/

    March 2, 2012 at 8:56 am | Reply

Post a comment


 

CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.